Feeds

Teenage Mutant Nimda email rides the Code Red worm

AV tools light up like a Xmas tree

  • alert
  • submit to reddit

Internet Security Threat Report 2014

Updated again A mass mailing email worm that contains exploit components from the infamous Code Red worm has appeared on the Internet, and appears to be spreading fast.

Nimda, which spreads though an infected email attachment, appears at the user's In-box with a random subject line and no body text. It comes with attachments called readme.exe and an HTML file. Users are advised to open neither and delete suspicious emails.

The malicious code contains an exploit string similar to that in the Code Red worm which is causing software tools that detect Code Red to "light up like Christmas trees", we hear.

MessageLabs, a managed services firm which scans its customers email for viruses, has intercepted 164 copies of the virus so far, after it first appeared this afternoon, possibly originating from Korea.

Graham Cluley, senior technology consultant at Sophos, said early analysis suggested the virus tries to add malicious JavaScript to Web pages on IIS servers that are vulnerable to the Code Red worm. But how the virus works remains unclear.

AV software vendors are busily updating their software to detect the worm. ®

Update

An increase in port 80 scanning relating to the Nimda worm - which attempts to hit IIS boxes with many different exploits - has been reported by CERT. Its scanning activities might result in some overall slowdown of the Internet.

Central Command has published a more detailed description of the worm which states that although the body of an email appears blank, it contains code that will execute if a user views a message in either Outlook or Outlook Express.

To spread, Nimda uses MAPI (Mailing API) functions in order to extract email addresses, according to Central Command.

Another method to spread is by using a Unicode Web Traversal exploit similar to Code Blue targets which, as previously reported, tries to reprogramme systems previously infected by the Code Red worm.

Related Stories

Code Blue targets Red China
Code Red busting code gets cool reception
Code Red and the Cisco Side Effect
Son of Code Red is born
Users haven't learned any lessons from the Love Bug
A plague on all our networks
Linux Trojan spotted in the wild
SirCam tops Virus charts

Internet Security Threat Report 2014

More from The Register

next story
George Clooney, WikiLeaks' lawyer wife hand out burner phones to wedding guests
Day 4: 'News'-papers STILL rammed with Clooney nuptials
Shellshock: 'Larger scale attack' on its way, warn securo-bods
Not just web servers under threat - though TENS of THOUSANDS have been hit
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
PEAK IPV4? Global IPv6 traffic is growing, DDoS dying, says Akamai
First time the cache network has seen drop in use of 32-bit-wide IP addresses
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
Stunned by Shellshock Bash bug? Patch all you can – or be punished
UK data watchdog rolls up its sleeves, polishes truncheon
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.