http://www.centralcommand.com has a small write-up of what it does to your machine (where it puts files, etc.). Most of the other info I grabbed from the NANOG list. It doesn't look like it destroys things on your system; its only purpose is to propagate.

> -----Original Message-----
> From: Scott Raun [mailto:sraun at fireopal.org]
> Sent: Tuesday, September 18, 2001 12:25 PM
> To: tclug-list at mn-linux.org
> Subject: Re: [TCLUG] New Worm based on Code Red?
>
> On Tue, Sep 18, 2001 at 12:09:43PM -0500, Austad, Jay wrote:
> > The worm is called Nimba, it's not based on Code Red. It spreads 4
> > different ways:
> >
> > <snip>
> >
> > 4. Via the eml vulnerability in IE versions prior to 6.0 (very few
> > have upgraded to 6.0). If a webserver has Nimba, it will append a
> > nice piece of javascript to the end of every web page served which
> > will open an EML file which will infect the machine viewing the web
> > page. There is no dialog, it just opens. This bug was discovered by
> > George Guninski about a month or so ago, and is apparently fixed in IE
> > 6.0. So IE users can get the virus just by visiting a page on an
> > infected IIS server.
>
> Can you provide a link to a write-up on what exactly this item is
> going to do to an end-user PC?
>
> As of about two hours ago, Symantec views it as a low-damage,
> high-distribution virus, one that is, overall, a low threat.
> McAfee doesn't seem to know about it at all!
>
> --
> Scott Raun
> sraun at fireopal.org