Forum for Science, Industry and Business

Sponsored by:     3M 
Search our Site:




New Analysis of Computer Worm Indicates Additional Destructive Payload

Symantec Corp. (Nasdaq: SYMC), a world leader in Internet security, today announced that new analysis of W32.Nimda.A@mm reveals that the worm contains an additional destructive payload that will not only require detection, but removal. The new analysis indicates that the worm is a file infector, overwriting .exe files.

W32.Nimda.A@mm is a mass-mailing worm that utilizes multiple methods to spread itself. The worm sends itself out by e-mail, infects machines over the network, and infects unpatched or already vulnerable Microsoft IIS Web servers. The worm also has various side effects, such as increasing network traffic while searching for machines to infect, which may cause network bandwidth problems. W32.Nimda.A@mm will also attempt to create security holes by creating a guest account with administrator privileges and create open shares on the infected system.

Symantec currently provides an integrated detection and repair solution against W32.Nimda.A@mm. In one step, users can download a cure that will simultaneously detect the worm and repair damaged files. The new definitions are available through Symantec’s LiveUpdate feature or from the Symantec Web site "Using blended Internet security threats - the combination of viruses, exploits, or vulnerabilities - to attack businesses and destroy assets, continue to rise," said Vincent Weafer, senior director of Symantec Security Response. "For the first time, to combat such a fast spreading threat, Symantec integrated its solution for W32.Nimda.A@mm to detect and repair in one seamless step. The integrated solution allows for quick clean up with little downtime, while preventing additional infections."

Symantec Security Response recommends that IT administrators implement the following to stop the propagation of W32.Nimda.A@mm:

  • Block e-mails containing a "readme.exe" attachment.

  • Update virus definitions and ensure that firewalls are correctly configured.

  • Download the latest security updates for Enterprise Security Manager and NetRecon.

  • Install the IIS Unicode Transversal security patch.

  • Install the malformed MIME header execution security patch.

  • Close network share drives.

Additionally, consumers can immediately protect themselves against the new worm by implementing the following:

  • Use Symantec’s LiveUpdate feature to obtain the latest virus definitions.

  • Use the Windows Update feature located on the "Start" menu on Window 95 and higher systems to download new security patches.

  • Disable the "File Download" feature in Internet Explorer to prevent compromise.

Both consumers and enterprises can be infected through a variety of methods.

  • E-mail - One of the methods the worm infects PCs though is e-mail. The e-mail arrives with an attachment - readme.exe that is not always visible and contains a randomly generated subject line and no body message. The worm uses its own SMTP engine to e-mail itself out to all the addresses it collects by searching the user’s incoming and outgoing e-mail boxes. Internet Explorer users v5.01 or v5.5 - (IE 5 with the Service Pak 2 or later installed or IE 6 are not affected) will receive a blank e-mail - no subject line, no body and a hidden attachment. Just opening the e-mail can infect user’s PCs. For the latest Microsoft security patch, visit .asp.

  • Shared Drives - PC users with shared drives enabled are also at risk. The worm searches for open network shares and will attempt to copy itself to these systems and then execute. IT administrators should close all network shared drives.

  • Web sites -When users visit a compromised Web site, the server will run a script attempting to download an Outlook file, which contains the W32.Nimda.A@mm worm. The worm will create an open network share on the infected machine allowing access to the system. W32.Nimda.A@mm specifically targets versions of IIS servers, taking advantage of the known Universal Web Traversal exploit (MS Security Bulletin MS00-078), which is similar to the exploit used in the Code Red attack. Compromised servers will display a Web page and attempt to download an Outlook file that contains the worm as an attachment. IT Administrators should download the Microsoft security patch for IIS 4.0 at and for IIS v5.0 at

Symantec provides additional protection against W32.Nimda.A@mm through the following solutions:

  • Enterprise Security Manager -Symantec’s policy compliance and vulnerability management system, helps manage security patch update functions. New patch templates are available that detect the underlying vulnerability on Windows NT 4.0 and Windows 2000 servers.

  • NetProwler - Symantec’s network-based intrusion detection tool, with Security Update 8 installed, is capable of detecting attempts to attack IIS 4.0 and 5.0 servers through this vulnerability.

  • NetRecon - Symantec’s network vulnerability assessment tool will be updated to detect if this vulnerability exists on a system and if so will provide recommendations on how to fix it.

  • Symantec Enterprise Firewall (Raptor Firewall) - Symantec’s application inspection firewall, by default, blocks suspect outbound data traffic from web servers, like IIS, when operating on the firewall’s service network, thereby stopping the propagation of this, as well as other types of attacks.

  • Symantec Security Check - This service,, has been updated to scan if a system is vulnerable to this exploit.

  • Norton Internet Security - Symantec’s integrated security and privacy suite for consumers can be updated to ensure only trusted programs access the Internet.

Über Symantec Symantec ist weltweit marktführend auf dem Gebiet der Internet-Sicherheit. Die umfangreiche Palette an Lösungen in den Bereichen Content und Network Security für Privatanwender und Unternehmen umfasst Virenschutz, Firewalls und Virtual Private Networks ebenso wie Vulnerability Management, Intrusion Detection, Internet- und E-Mail-Filter sowie Technologien für die Remote-Verwaltung und Sicherheitsservices für Unternehmen weltweit. Die Consumermarke für Sicherheitsprodukte Norton ist weltweit marktführend im Einzelhandel und hat zahlreiche Auszeichnungen der Branche bekommen. Das im Jahr 1982 gegründete Unternehmen ist in Cupertino, Kalifornien, beheimatet und vertreibt seine Produkte in 37 Ländern. Für mehr Informationen besuchen Sie uns unter

Andrea Wolf | ots
Further information:,

More articles from Communications Media:

nachricht Product placement: Only brands placed very prominently benefit from 3D technology
07.07.2016 | Alpen-Adria-Universität Klagenfurt

nachricht NASA Goddard network maintains communications from space to ground
02.03.2016 | NASA/Goddard Space Flight Center

All articles from Communications Media >>>

The most recent press releases about innovation >>>

Die letzten 5 Focus-News des innovations-reports im Überblick:

Im Focus: Etching Microstructures with Lasers

Ultrafast lasers have introduced new possibilities in engraving ultrafine structures, and scientists are now also investigating how to use them to etch microstructures into thin glass. There are possible applications in analytics (lab on a chip) and especially in electronics and the consumer sector, where great interest has been shown.

This new method was born of a surprising phenomenon: irradiating glass in a particular way with an ultrafast laser has the effect of making the glass up to a...

Im Focus: Light-driven atomic rotations excite magnetic waves

Terahertz excitation of selected crystal vibrations leads to an effective magnetic field that drives coherent spin motion

Controlling functional properties by light is one of the grand goals in modern condensed matter physics and materials science. A new study now demonstrates how...

Im Focus: New 3-D wiring technique brings scalable quantum computers closer to reality

Researchers from the Institute for Quantum Computing (IQC) at the University of Waterloo led the development of a new extensible wiring technique capable of controlling superconducting quantum bits, representing a significant step towards to the realization of a scalable quantum computer.

"The quantum socket is a wiring method that uses three-dimensional wires based on spring-loaded pins to address individual qubits," said Jeremy Béjanin, a PhD...

Im Focus: Scientists develop a semiconductor nanocomposite material that moves in response to light

In a paper in Scientific Reports, a research team at Worcester Polytechnic Institute describes a novel light-activated phenomenon that could become the basis for applications as diverse as microscopic robotic grippers and more efficient solar cells.

A research team at Worcester Polytechnic Institute (WPI) has developed a revolutionary, light-activated semiconductor nanocomposite material that can be used...

Im Focus: Diamonds aren't forever: Sandia, Harvard team create first quantum computer bridge

By forcefully embedding two silicon atoms in a diamond matrix, Sandia researchers have demonstrated for the first time on a single chip all the components needed to create a quantum bridge to link quantum computers together.

"People have already built small quantum computers," says Sandia researcher Ryan Camacho. "Maybe the first useful one won't be a single giant quantum computer...

All Focus news of the innovation-report >>>



Event News

#IC2S2: When Social Science meets Computer Science - GESIS will host the IC2S2 conference 2017

14.10.2016 | Event News

Agricultural Trade Developments and Potentials in Central Asia and the South Caucasus

14.10.2016 | Event News

World Health Summit – Day Three: A Call to Action

12.10.2016 | Event News

Latest News

Greater Range and Longer Lifetime

26.10.2016 | Power and Electrical Engineering

VDI presents International Bionic Award of the Schauenburg Foundation

26.10.2016 | Awards Funding

3-D-printed magnets

26.10.2016 | Power and Electrical Engineering

More VideoLinks >>>