Forum for Science, Industry and Business

Sponsored by:     3M 
Search our Site:

 

SYMANTEC PROVIDES COMPREHENSIVE PROTECTION AGAINST W32.NIMDA.A@MM

19.09.2001



New Analysis of Computer Worm Indicates Additional Destructive Payload

Symantec Corp. (Nasdaq: SYMC), a world leader in Internet security, today announced that new analysis of W32.Nimda.A@mm reveals that the worm contains an additional destructive payload that will not only require detection, but removal. The new analysis indicates that the worm is a file infector, overwriting .exe files.

W32.Nimda.A@mm is a mass-mailing worm that utilizes multiple methods to spread itself. The worm sends itself out by e-mail, infects machines over the network, and infects unpatched or already vulnerable Microsoft IIS Web servers. The worm also has various side effects, such as increasing network traffic while searching for machines to infect, which may cause network bandwidth problems. W32.Nimda.A@mm will also attempt to create security holes by creating a guest account with administrator privileges and create open shares on the infected system.

Symantec currently provides an integrated detection and repair solution against W32.Nimda.A@mm. In one step, users can download a cure that will simultaneously detect the worm and repair damaged files. The new definitions are available through Symantec’s LiveUpdate feature or from the Symantec Web site http://www.securityresponse.symantec.com/avcenter/download.html "Using blended Internet security threats - the combination of viruses, exploits, or vulnerabilities - to attack businesses and destroy assets, continue to rise," said Vincent Weafer, senior director of Symantec Security Response. "For the first time, to combat such a fast spreading threat, Symantec integrated its solution for W32.Nimda.A@mm to detect and repair in one seamless step. The integrated solution allows for quick clean up with little downtime, while preventing additional infections."

Symantec Security Response recommends that IT administrators implement the following to stop the propagation of W32.Nimda.A@mm:

  • Block e-mails containing a "readme.exe" attachment.

  • Update virus definitions and ensure that firewalls are correctly configured.

  • Download the latest security updates for Enterprise Security Manager and NetRecon.

  • Install the IIS Unicode Transversal security patch.

  • Install the malformed MIME header execution security patch.

  • Close network share drives.

Additionally, consumers can immediately protect themselves against the new worm by implementing the following:

  • Use Symantec’s LiveUpdate feature to obtain the latest virus definitions.

  • Use the Windows Update feature located on the "Start" menu on Window 95 and higher systems to download new security patches.

  • Disable the "File Download" feature in Internet Explorer to prevent compromise.

Both consumers and enterprises can be infected through a variety of methods.

  • E-mail - One of the methods the worm infects PCs though is e-mail. The e-mail arrives with an attachment - readme.exe that is not always visible and contains a randomly generated subject line and no body message. The worm uses its own SMTP engine to e-mail itself out to all the addresses it collects by searching the user’s incoming and outgoing e-mail boxes. Internet Explorer users v5.01 or v5.5 - (IE 5 with the Service Pak 2 or later installed or IE 6 are not affected) will receive a blank e-mail - no subject line, no body and a hidden attachment. Just opening the e-mail can infect user’s PCs. For the latest Microsoft security patch, visit http://www.microsoft.com/windows/ie/download/critical/q290108/default .asp.

  • Shared Drives - PC users with shared drives enabled are also at risk. The worm searches for open network shares and will attempt to copy itself to these systems and then execute. IT administrators should close all network shared drives.

  • Web sites -When users visit a compromised Web site, the server will run a script attempting to download an Outlook file, which contains the W32.Nimda.A@mm worm. The worm will create an open network share on the infected machine allowing access to the system. W32.Nimda.A@mm specifically targets versions of IIS servers, taking advantage of the known Universal Web Traversal exploit (MS Security Bulletin MS00-078), which is similar to the exploit used in the Code Red attack. Compromised servers will display a Web page and attempt to download an Outlook file that contains the worm as an attachment. IT Administrators should download the Microsoft security patch for IIS 4.0 athttp://www.microsoft.com/downloads/Release.asp?ReleaseID=32061 and for IIS v5.0 at http://www.microsoft.com/downloads/Release.asp?ReleaseID=32011.

Symantec provides additional protection against W32.Nimda.A@mm through the following solutions:

  • Enterprise Security Manager -Symantec’s policy compliance and vulnerability management system, helps manage security patch update functions. New patch templates are available that detect the underlying vulnerability on Windows NT 4.0 and Windows 2000 servers.

  • NetProwler - Symantec’s network-based intrusion detection tool, with Security Update 8 installed, is capable of detecting attempts to attack IIS 4.0 and 5.0 servers through this vulnerability.

  • NetRecon - Symantec’s network vulnerability assessment tool will be updated to detect if this vulnerability exists on a system and if so will provide recommendations on how to fix it.

  • Symantec Enterprise Firewall (Raptor Firewall) - Symantec’s application inspection firewall, by default, blocks suspect outbound data traffic from web servers, like IIS, when operating on the firewall’s service network, thereby stopping the propagation of this, as well as other types of attacks.

  • Symantec Security Check - This service, www.symantec.com/securitycheck, has been updated to scan if a system is vulnerable to this exploit.

  • Norton Internet Security - Symantec’s integrated security and privacy suite for consumers can be updated to ensure only trusted programs access the Internet.

Über Symantec Symantec ist weltweit marktführend auf dem Gebiet der Internet-Sicherheit. Die umfangreiche Palette an Lösungen in den Bereichen Content und Network Security für Privatanwender und Unternehmen umfasst Virenschutz, Firewalls und Virtual Private Networks ebenso wie Vulnerability Management, Intrusion Detection, Internet- und E-Mail-Filter sowie Technologien für die Remote-Verwaltung und Sicherheitsservices für Unternehmen weltweit. Die Consumermarke für Sicherheitsprodukte Norton ist weltweit marktführend im Einzelhandel und hat zahlreiche Auszeichnungen der Branche bekommen. Das im Jahr 1982 gegründete Unternehmen ist in Cupertino, Kalifornien, beheimatet und vertreibt seine Produkte in 37 Ländern. Für mehr Informationen besuchen Sie uns unter

Andrea Wolf | ots
Further information:
http://www.symantec.com/securitycheck,
http://www.microsoft.com/downloads/Release.asp?ReleaseID=32061
http://www.microsoft.com/downloads/Release.asp?ReleaseID=32011

More articles from Communications Media:

nachricht Product placement: Only brands placed very prominently benefit from 3D technology
07.07.2016 | Alpen-Adria-Universität Klagenfurt

nachricht NASA Goddard network maintains communications from space to ground
02.03.2016 | NASA/Goddard Space Flight Center

All articles from Communications Media >>>

The most recent press releases about innovation >>>

Die letzten 5 Focus-News des innovations-reports im Überblick:

Im Focus: OLED microdisplays in data glasses for improved human-machine interaction

The Fraunhofer Institute for Organic Electronics, Electron Beam and Plasma Technology FEP has been developing various applications for OLED microdisplays based on organic semiconductors. By integrating the capabilities of an image sensor directly into the microdisplay, eye movements can be recorded by the smart glasses and utilized for guidance and control functions, as one example. The new design will be debuted at Augmented World Expo Europe (AWE) in Berlin at Booth B25, October 18th – 19th.

“Augmented-reality” and “wearables” have become terms we encounter almost daily. Both can make daily life a little simpler and provide valuable assistance for...

Im Focus: Artificial Intelligence Helps in the Discovery of New Materials

With the help of artificial intelligence, chemists from the University of Basel in Switzerland have computed the characteristics of about two million crystals made up of four chemical elements. The researchers were able to identify 90 previously unknown thermodynamically stable crystals that can be regarded as new materials. They report on their findings in the scientific journal Physical Review Letters.

Elpasolite is a glassy, transparent, shiny and soft mineral with a cubic crystal structure. First discovered in El Paso County (Colorado, USA), it can also be...

Im Focus: Complex hardmetal tools out of the 3D printer

For the first time, Fraunhofer IKTS shows additively manufactured hardmetal tools at WorldPM 2016 in Hamburg. Mechanical, chemical as well as a high heat resistance and extreme hardness are required from tools that are used in mechanical and automotive engineering or in plastics and building materials industry. Researchers at the Fraunhofer Institute for Ceramic Technologies and Systems IKTS in Dresden managed the production of complex hardmetal tools via 3D printing in a quality that are in no way inferior to conventionally produced high-performance tools.

Fraunhofer IKTS counts decades of proven expertise in the development of hardmetals. To date, reliable cutting, drilling, pressing and stamping tools made of...

Im Focus: Launch of New Industry Working Group for Process Control in Laser Material Processing

At AKL’16, the International Laser Technology Congress held in May this year, interest in the topic of process control was greater than expected. Appropriately, the event was also used to launch the Industry Working Group for Process Control in Laser Material Processing. The group provides a forum for representatives from industry and research to initiate pre-competitive projects and discuss issues such as standards, potential cost savings and feasibility.

In the age of industry 4.0, laser technology is firmly established within manufacturing. A wide variety of laser techniques – from USP ablation and additive...

Im Focus: New laser joining technologies at ‘K 2016’ trade fair

Every three years, the plastics industry gathers at K, the international trade fair for plastics and rubber in Düsseldorf. The Fraunhofer Institute for Laser Technology ILT will also be attending again and presenting many innovative technologies, such as for joining plastics and metals using ultrashort pulse lasers. From October 19 to 26, you can find the Fraunhofer ILT at the joint Fraunhofer booth SC01 in Hall 7.

K is the world’s largest trade fair for the plastics and rubber industry. As in previous years, the organizers are expecting 3,000 exhibitors and more than...

All Focus news of the innovation-report >>>

Anzeige

Anzeige

Event News

Experts from industry and academia discuss the future mobile telecommunications standard 5G

23.09.2016 | Event News

ICPE in Graz for the seventh time

20.09.2016 | Event News

Using mathematical models to understand our brain

16.09.2016 | Event News

 
Latest News

Chains of nanogold – forged with atomic precision

23.09.2016 | Life Sciences

New leukemia treatment offers hope

23.09.2016 | Health and Medicine

Self-assembled nanostructures hit their target

23.09.2016 | Life Sciences

VideoLinks
B2B-VideoLinks
More VideoLinks >>>