Posted on 09/18/2001 10:04:31 AM PDT by rockfish59
this is real, folks! my e mail is infected right now and i will be working on a way to fix it. any help or suggestions would be appreciated. the e mail says this:
Hi! How are you?
I send you this file in order to have your advice.
See you later.
the same letter is going to jim robinson in my name. when he first contacted me i didn't know what he was talking about. last night it sent a steady stream to him. he said they were coming every 5 minutes or so and went from about 11:40pm to 2:15am.
Good to see you. We have been busy getting packages ready to send back to N.Y. to my husbands family and friends.
;-)
My iMAC wife says same as you.
Kinda like the early VW bug owners -- a cult, dangerous one at that.
My dear brother and sister FReepers,
At this, of all times in my lifetime, I would like nothing more than to be able to read these threads and reply to them. I have much I would like to say.
BUT, I cannot!
Why?
Because I am trying hard to raise the finances needed to keep FreeRepublic up and running so that we can continue to share valuable information and respond to it.
I beg you, if you have not yet donated to FreeRepublic this quarter, do so now!
I realize you are giving to lots of Relief efforts and I encourage you to do so. But we need to help FR too. Where would we be right now without it?
If you have no money, please come and bump the Fundraiser Thread.
I would really like to reach our goal quickly so that I and the rest of the dedicated FReepers who are working the Fundraiser Threads can participate in what is undeniably the most important time in FreeRepublic's history.
FreeRepublic Fundraiser --WE WILL STAND UNITED!!!-- We NEED YOUR HELP AND PATRIOTIC POSTS! <--click here
Support FreeRepublic! Support the U.S.A. <--click here
By Duncan Martell
SAN FRANCISCO (Reuters) - A damaging new computer worm was spreading like wildfire across the Internet on Tuesday, hitting both home PC users and commercial servers, in an outbreak that could prove more widespread and costly than the Code Red viruses, computer security experts said.
Known as ``Nimda,'' which spells admin backwards, the worm spreads by sending infected e-mails and also appears able to infect Web sites, so when a user visits a compromised Web site, the browser -- if it has not been patched -- can spread the worm to a PC, analysts said.
So far, it appears that Nimda arrives in e-mail without a subject line and containing an attachment titled ``readme.exe,'' experts said.
Internet security experts have warned of the potential for an increase in virus activity after last week's attacks on the World Trade Center and Pentagon (news - web sites), but U.S. Attorney General John Ashcroft (news - web sites) said there was no sign the outbreak was linked to those events.
``There is no evidence at this time which links this infection to the terrorist attacks of last week,'' Ashcroft told a news briefing.
The worm may have started as early as Monday and was showing signs of overloading traffic on the Internet, Ashcroft said, saying that Nimda proved ``heavier'' than the Code Red worm that caused an estimated $2.6 billion in clean-up costs on Internet-linked computers after outbreaks in July and August.
``Compared to Code Red, it may well be bigger simply because it can affect home users as well,'' said Graham Cluley, senior technical consultant for Sophos Antivirus.
If Microsoft Corp.'s (Nasdaq:MSFT - news) Outlook e-mail program has not been patched with an update that became available in March, the recipient does not even need to open the attachment to activate the virus -- opening the e-mail itself is sufficient -- said Vincent Weafer, senior director of Symantec Corp.'s (Nasdaq:SYMC - news) Symantec Security Response unit.
Other e-mail programs, such as Eudora or International Business Machine Corp.'s Lotus Notes, require the recipient to open the attachment for the virus to replicate, he said.
So far, the malicious program does not appear capable of erasing files or data, but Nimda has shown itself capable of slowing down computer operations as it replicates, experts said.
``In terms of data destruction, we haven't seen anything,'' Weafer said.
Experts said Nimda had appeared in the United States, Europe and Latin America and was likely to spread to other regions as well.
``It seems to be very widespread and (moves) at an incredibly quick rate,'' Cluley said. ``The reason it's become so widespread is because it not only travels via e-mail but it contaminates Web sites as well.''
The worm exploits an already detected vulnerability in Microsoft's Internet Information Server Web software running on Windows NT or 2000 machines, the same breach that the Code Red viruses exploited, experts said.
Once Nimda infects a machine, it tries to replicate in three ways. It has its own e-mail engine and will try to send itself out using addresses stored in e-mail programs. It also scans IIS servers looking for the known vulnerability and attacks those servers. Finally, it looks for shared disk drives and tries to replicate itself to those devices, Symantec's Weafer said.
Experts urged companies and users to update antivirus software and to download the software patches, noting the principal reason the worm had spread so quickly was that people and companies had not downloaded the free software patches.
Patches are available for both the IIS vulnerability and Web browsers at http://www.microsoft.com/security.
Uh, yeah, I bet that's it. Do you work in Computer Customer Support somewhere?
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.