
List:       ipfilter
Subject:    Blocking the Nimda Worm
From:       Jesse Reynolds <lizst () va ! com ! au>
Date:       2001-09-19 15:37:24

Is there any way to use IP Filter to block the Nimda worm's malicious
HTTP requests?

Nimda uses Code Red worm type exploits on IIS web servers.
Fortunately we don't have any Windows-based servers at all so it's
not affecting us directly, but our network is seeing a lot of incoming
activity from Nimda-affected boxes "out there".

More info on Nimda:

http://www.symantec.com/avcenter/venc/data/w32.nimda.a@mm.html

From the above URL:

W32.Nimda.A@mm is a new mass-mailing worm that utilizes multiple 
methods to spread itself. The worm sends itself out by email, 
searches for open network shares, attempts to copy itself to 
unpatched or already vulnerable Microsoft IIS web servers, and is a 
virus infecting both local files and files on remote network shares.
The worm uses the Unicode Web Traversal exploit.  A patch and 
information regarding this exploit can be found at 
http://www.microsoft.com/technet/security/bulletin/ms00-078.asp.

Thanks

-jesse



-- 

       Jesse Reynolds - Virtual Artists Pty Ltd - http://www.va.com.au
                                                  jesse (at) va.com.au
