Son of Nimda and Aliz

Son of Nimda

Nimda.E, also called Son of Nimda, is a new variant of the Nimda worm. The only PCs that can be infected by Nimda.E are those that have not been secured in the aftermath of the original worm, which infected nearly 160,000 hosts, according to data from the Cooperative Association of Internet Data Analysis. Like its parent, Nimda.E can infect PCs and servers in any of four ways: through an e-mail attachment, by scanning for vulnerable servers running Microsoft's Internet Information Server software and then exploiting a flaw in the software, through shared hard drives, and by fooling browsers into uploading the worm from infected Web servers. The main difference between this variant and PE_NIMDA.A is the names of three of its dropped files. However, as with the original variant, the names of the dropped executables are names of valid system files.

Aliz

This is an e-mail worm that exploits a known security vulnerability in Internet Explorer. When a user views an HTML e-mail carrying the worm, Internet Explorer may launch the attached program, executing the Aliz code (from the program whatever.exe). This is due to the "Incorrect MIME Header" vulnerability in Microsoft Internet Explorer 5.01 and 5.5. For a detailed description of this security hole and links to the appropriate patches, please visit the Microsoft TechNet site.
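
For mail administrators, a gateway-side check for the pattern described above, as an added example that is not part of the original alert. It assumes the incorrect MIME header takes the form of an executable attachment declared under a non-executable media type (the alert does not spell out the header); the extension list, type list, function names and sample message are constructed for illustration.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# Illustrative lists (assumptions, not taken from the alert).
EXECUTABLE_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs"}
HONEST_TYPES = {"application/octet-stream", "application/x-msdownload"}


def mismatched_parts(raw: bytes):
    """Return (filename, declared type) for every MIME part whose filename is
    executable while its Content-Type claims some other kind of content."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue
        ext = os.path.splitext(name)[1].lower()
        ctype = part.get_content_type()
        if ext in EXECUTABLE_EXTS and ctype not in HONEST_TYPES:
            hits.append((name, ctype))
    return hits


def should_quarantine(raw: bytes) -> bool:
    """Hold mail that pairs an HTML body with a mislabelled executable."""
    msg = message_from_bytes(raw, policy=policy.default)
    has_html = any(p.get_content_type() == "text/html" for p in msg.walk())
    return has_html and bool(mismatched_parts(raw))


def build_sample(maintype: str, subtype: str) -> bytes:
    """Constructed test message: HTML body plus a harmless text payload
    attached under the file name the alert mentions."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("plain-text body")
    msg.add_alternative("<html><body>hello</body></html>", subtype="html")
    msg.add_attachment(b"harmless placeholder", maintype=maintype,
                       subtype=subtype, filename="whatever.exe")
    return msg.as_bytes()


if __name__ == "__main__":
    for declared in (("audio", "x-wav"), ("application", "octet-stream")):
        raw = build_sample(*declared)
        print("/".join(declared), mismatched_parts(raw), should_quarantine(raw))
```

An executable attached under an honest type passes this particular check, so it complements rather than replaces a gateway's ordinary attachment-blocking policy.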

Tulsa Computer Society
Don Singleton, President
don@donsingleton.com