09-18-2001, 09:22 PM | #1 |
Ironworks Moderator
Join Date: March 1, 2001
Location: Midlands, South Carolina
Age: 48
Posts: 14,759
|
Someone malisciously planted a virus into our company and Wake Forest this morning.
Some of you saw me on here this morning at work, posting. About 9:30am, I get a screen that asks me to open a file from current location or save to disk. I thought it was something that Ziroc had new for the forum, so I said run from location (saftey precaution I choose to play)...An error came on, saying that explorer could not read file #0000, etc...and terminated without downloading. About 10 minutes after that, we had help desk techs running around asking us all to shut down our PCs. The virus did not come in an e-mail, it came straight from our home page, attached to the web browser. Anyone that logged on to the net this morning was a possible infection. I did not know whether or not any of you escaped this browser virus, since I was online with some of you...Anyway, my PC is still down because the Virus experts are still working on identifying it... Just remember...If the screen comes up and asks you to download something from some unknown source, don't open it. I suspect (as do our executives), that this was done to attack our company, and Wake Forest in particular.. ------------------ Father of the wicked but cute child known as MaryBeth Padre de una niña bien traviosa pero guapa --------------------- Aisukuríimu ga tabetái desu. |
09-18-2001, 11:02 PM | #2 |
Symbol of Cyric
Join Date: May 24, 2001
Location: The Lands of Forever
Age: 39
Posts: 1,132
|
Thanks for the warning Larry, I would hate to be caught unawares by something like this.
-Jafin ------------------ Proud Citizen of the United States of America The Original Arch-Mage of the HADB Destroyer of the evil Bunnies Proprietor of the Boogre Bar |
09-19-2001, 12:27 PM | #3 |
Ironworks Moderator
Join Date: March 1, 2001
Location: Midlands, South Carolina
Age: 48
Posts: 14,759
|
Most recent information. Please read...
The virus was sent to companies with Internet Servers. Yet, anyone that logged onto one of these servers can infect their home PC, and thus spread it to other PCs. The file name is W32/Nimda.eml(ED) This virus spread world-wide in 30 minutes. ------------------ Father of the wicked but cute child known as MaryBeth Padre de una niña bien traviosa pero guapa --------------------- Aisukuríimu ga tabetái desu. |
09-19-2001, 12:52 PM | #4 |
Baaz Draconian
Join Date: April 8, 2001
Location: Nottingham, UK
Age: 44
Posts: 786
|
Something on the BBC website.
A Windows worm that tries almost every trick in the book to infect computers is steadily spreading across the net. The malicious program, named Nimda, attacks both personal computers, network servers. The virus can even be contracted just by browsing webpages generated by infected servers. It spreads by plundering address books to generate lists of recipients it can send itself to, looks for common loopholes in some versions of Windows web server software and uses hijacked machines to search for more targets. Although spreading quickly experts said the worm was unlikely to cause widespread disruption, but they warned people to be on their guard. Infection invitation "The reason it's become so widespread is because it not only travels via e-mail but it contaminates web sites as well," said Graham Cluley, senior technical consultant for Sophos Antivirus. Once it has infected a web server the Nimda Windows worm scans the net for machines that have not installed patches for well-known vulnerabilities. It looks for the loophole that Code Red exploited as well as 16 others. It can affect machines running Windows 98, 95, Me, NT and 2000. The worm may cause disruption to some networks because it makes infected machines carry out up to four times as many scans as those compromised by Code Red. Infected machines also hide a copy of the virus on the webpages they display. Browsing these pages with certain unpatched versions of Internet Explorer will mean that machine is infected. According to the Computer Emergency Response Team some browsers will automatically run the downloaded file. The Nimda worm also uses other methods to spread. It scans webpages for e-mail addresses and sends a message to that site with a copy of the worm attached. It can also interrogate copies of a program called Microsoft Exchange that many companies use as a "post office" for the e-mail and messaging systems that their staff use. Attacking terrorism E-mail messages generated by the worm have a random subject line and attach a file plucked randomly from the hard drive of an infected PC. Riding alongside the attachment is a copy of the virus. The worm can also copy itself to any shared directories it finds on networks it has compromised. "This one is the Swiss Army knife of worms," said Dan Ingevaldson, a spokesman for Internet Security Systems. "It really seems to try everything." Although the networks within some businesses have become clogged by the scanning activities of infected machines and e-mail messages they are generating, experts do not think Nimda will cause widespread disruption. Since the Code Red scare in August many vulnerable machines have been patched and far fewer are now at risk. The panic over Code Red began when a variant of the original worm infected more than 250,000 machines in only a few hours. Analysis after the outbreak revealed that the web traffic jams attributed to Code Red were due to a train crash in a tunnel that severed key net cables. Although some hackers have targeted websites seen as sympathetic to the terrorists behind last week's attack on the World Trade Centre US Attorney General John Ashcroft said there was no sign that the release of Nimda was another retaliatory attack. "There is no evidence at this time which links this infection to the terrorist attacks of last week," he said. The FBI also warned that a group of hackers calling themselves the Dispatchers were set to launch attacks "against organisations associated with the perceived perpetrators of the 11 September, 2001 terror attacks." The FBI said the group was targeting computer systems used by communications and finance firms and said they would ramp up their activities Tuesday 18 September. |
09-19-2001, 01:19 PM | #5 |
Emerald Dragon
Join Date: March 12, 2001
Location: spokane wa usa
Age: 40
Posts: 926
|
Thanks for the heads up Larry its good to know when we are in danger.
------------------ All blades cut, be they made from metal or wood, but the sharpest and deadliest blade is the one of knowledge. An Archmage of the HADB |
Currently Active Users Viewing This Thread: 1 (0 members and 1 guests) | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Here is the Escape from Undermountain Box Art!! | Ziroc | NWN Mod: Escape from Undermountain | 9 | 10-02-2003 04:30 PM |
DOJ's own internal Report Alleges Patriot Act Civil Rights Violations | Timber Loftis | General Discussion | 1 | 07-21-2003 11:43 AM |
VIRUS-ALERT get anti virus patch here | TheCrimsomBlade | General Conversation Archives (11/2000 - 01/2005) | 2 | 09-20-2001 12:17 AM |
Shrine escape! | angelfirewest | Wizards & Warriors Forum | 1 | 06-09-2001 01:46 PM |
BELT OF INTERNAL BARRIER!!!??? | UnForGiven | Baldurs Gate II Archives | 0 | 10-24-2000 06:57 AM |