RE: Concept Virus / Nimda

From: Grab Raham (grabraham@hotmail.com)
Date: 09/18/01 

From: "Grab Raham" <grabraham@hotmail.com>
To: INCIDENTS@securityfocus.com
Subject: RE: Concept Virus / Nimda
Date: Tue, 18 Sep 2001 21:02:33 
Message-ID: <F5035sQtgTIFprhMOgR00001e17@hotmail.com>

I first noticed it when I checked out the defacement at
http://www.moi.gov.ir (URL is still infected) the "ISLAMIC REPUBLIC OF IRAN
- MINISTRY OF INTERIOR website that was defaced by "The Dispatchers". Not
sure if it started there though..

Shawn
-----Original Message-----
From: Gary Warner [mailto:gar@askgar.com]
Sent: Tuesday, September 18, 2001 2:37 PM
To: INCIDENTS@securityfocus.com
Subject: Concept Virus / Nimda

Thanks for the advisory regarding the most recent virus. You might want to
mention also that infected web servers will attempt to attach a "README.EML"
file to every page delivered. As pointed out by George Guninski's advisory
last year, .eml files WILL EXECUTE if viewed in IE 5.0 or higher (unless the
browser has been patched by a microsoft update since December 2000, I
believe)

_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com