This is a special alert from The Funny/Alerts Newsletter.

Symantec - Security Alert - W32.Nimda.E@mm - Category 3

Name of Threat: W32.Nimda.E@mm
Category Rating: 3
Type: Virus
Status Last Updated: October 30, 2001 03:25:04 AM Pacific
Certified Definitions Posted: October 30, 2001 3:15 AM Pacific Actual

Additional Information:
Due to an increase in submissions, Symantec Security Response is upgrading the threat assessment of W32.Nimda.E@mm from Category 2 to Category 3.

Certified Virus Definitions have been posted today (3am Pacific Time).

A tool for this variant is being developed. ETA is unknown.

W32.Nimda.E@mm is a new version of W32.Nimda.A@mm that contains bug-fixes and other modifications, which are designed to prevent detection of this variant by antivirus programs.

This worm is similar in functionality to W32.Nimda.A@mm. Differences include the modification of file names used by the worm:

The attachment received has been changed to: Sample.exe
The dropped .dll file is now: Httpodbc.dll
The worm now copies itself to the \Windows\System folder as Csrss.exe instead of Mmc.exe

NOTE: Norton AntiVirus and McAfee AntiVirus already detect Infected HTML files as W32.Nimda.A@mm (html).

This threat can infect all unprotected users of Win9x/NT/2000/ME.

Its main goal is simply to spread over the Internet and Intranet, infecting as many users as possible and creating so much traffic that networks are virtually unusable. 

All users running Microsoft Internet Explorer (ver 5.01 or 5.5 without SP2), are advised to install the patch for the "Incorrect MIME Header Can Cause IE to Execute E-mail Attachment vulnerability."

See past Funny/Alert Newsletter issue #011001 for more info.

Please take a prudent level of minimum due care.