View Full Version : Technical Question: Help



wws
08/10/2001, 12:33 PM
Pats Message Board on Vantagenet
People are saying that it is infected with the Nimda virus....i don't think u can unknowingly infect your computer by just viewing the page .....I think it can prompt u to download a file ....if u do that well then maybe u could get the virus on your system

will one of u techies explain the true story without the mumbo jumbo or links to some norton page

dahamsta
08/10/2001, 12:44 PM
I'm not entirely familiar with Nimda, but I doubt very much it's just the Pats board that is infected. Worms/virii (most are a mixture of both these days) typically infect entire machines, which would mean that the whole of Vantagenet is infected. If that's the case, you can be sure they'll have noticed it by now, but an email to them probably wouldn't do any harm. I very much doubt there's anything you can do anyway, besides warning your users.

As to the actual worm itself, a quick search on Google (http://www.google.com/search?client=googlet&q=nimda) reveals the most important resources - Symantec, CERT, etc. Either have a look at those yourself and let people know the details, or point them to them.

Can it infect other users? Sure it can - virii/worms invariably propagate themselves by getting users to open applications. For the most part, users are quite naive (read "stupid", in light of the continuing saga), and will open them...

adam

wws
08/10/2001, 1:01 PM
yeah i don't run the Pats board but the owner has done the stuff u say but my point was and you appear to be confirming it is that u can't unknowingly download from viewing a webpage?

as in it will prompt u?

in which case i don't have it as far as i know

dahamsta
08/10/2001, 1:21 PM
I find the Symantec (http://www.symantec.com/avcenter/) site the best for simple, easy-to-understand virus and information. Here's some snippets from the Nimda (http://www.symantec.com/avcenter/venc/data/w32.nimda.a@mm.html) page:


If you visit a compromised Web server, you will be prompted to download an .eml (Outlook Express) email file, which contains the worm as an attachment. You can disable "File Download" in your Internet Explorer internet security zones to prevent this compromise.

So it depends on your security settings. The default on most Windows machines is "prompt", which means, as you suggest, that you'll be prompted to open the attachment (in the form of an email). Nimda will be attached to this in turn. The proper action is of course to hit Cancel and ignore it.

Some people may have weaker security settings though, which will allow Outlook or Outlook Express to open the email automatically, but as far as I can see they will still expressly have to try and open the attachment. With this weaker security though, it's likely the attachment will open without prompting, leading to infection.

The solution is simple - don't open the email *or* the attachment. This should be a general guideline for all downloads and attachments anyway. Even from friends, because worms and virii propagate mostly through address books these days. So unless you're expecting something, don't open it. Difficult I know, but if you want to avoid infection...

A final note - disabling file download in Windows will disable it across the board, which isn't very desirable, and in my opinion is over the top. Just use common sense.

If anyone thinks they're infected with Nimda, visit the link to the Symantec page above, you'll find a removal tool.

adam

wws
08/10/2001, 4:14 PM
will check that later, cheers

dahamsta
08/10/2001, 9:28 PM
No bother.

adam