Nimda - The real deal


the real pacman

Gwen's my hoe
Sep 1, 2000
W32.Nimda.A@mm is a mass-mailing worm that utilizes multiple methods to spread itself. The name of the virus came from the reversed spelling of "admin". The worm sends itself out by email, searches for open network shares, attempts to copy itself to unpatched or already vulnerable Microsoft IIS web servers, and is a virus infecting both local files and files on remote network shares.

The worm uses the Unicode Web Traversal exploit. A patch for computers running Windows NT 4.0 Service Packs 5 and 6a or Windows 2000 Gold or Service Pack 1 and information regarding this exploit can be found at http://www.microsoft.com/technet/security/bulletin/ms00-078.asp.

When the worm arrives by email, the worm uses a MIME exploit allowing the virus to be executed just by reading or previewing the file. Information and a patch for this exploit can be found at http://www.microsoft.com/technet/security/bulletin/MS01-020.asp.

If you visit a compromised Web server, you will be prompted to download an .eml (Outlook Express) email file, which contains the worm as an attachment. You can disable "File Download" in your Internet Explorer internet security zones to prevent this compromise.

Also, the worm will create open network shares on the infected computer, allowing access to the system. During this process the worm creates the guest account with Administrator privileges.


W32.Nimda Removal tool.
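The post above names two delivery paths a defender can look for in their own data: the Unicode traversal requests against IIS (MS00-078) that show up in web-server logs, and the .eml files whose MIME headers misdeclare an executable attachment (MS01-020). The script below is an added example for this thread, not code from the original post, from Symantec or from Microsoft. The log format (W3C-style IIS fields), the attachment filename, the boundary string and the extension/media-type lists are all constructed for the example; the only externally grounded pieces are the two decoding facts it relies on: overlong UTF-8 sequences are invalid under the UTF-8 specification but were accepted by unpatched servers, and an attachment's declared Content-Type need not match its filename.

```python
"""Added example (not from the original post or any vendor write-up): two
defender-side checks for the delivery paths the post names. Check 1 decodes a
logged request path the lenient way an unpatched IIS did, accepting overlong
UTF-8 forms of '/' and '\\' (MS00-078), and tests whether it escapes the web
root. Check 2 flags .eml attachments whose declared media type is harmless
while the filename is executable (MS01-020). All samples are constructed."""
import email
import posixpath
import re
from email import policy
from urllib.parse import unquote_to_bytes

# Extension and media-type lists are this example's own choice, not a standard.
EXEC_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".vbs", ".dll"}
BENIGN_TYPES = {"audio/x-wav", "audio/wav", "image/gif", "image/jpeg", "text/plain"}
REQ_RE = re.compile(r"\b(GET|POST|HEAD)\s+(\S+)")   # method and cs-uri-stem

def decode_utf8_lenient(raw: bytes):
    """Decode 1- to 3-byte UTF-8, accepting overlong sequences a strict decoder
    would reject. Returns (text, overlong_seen)."""
    out, overlong, i = [], False, 0
    while i < len(raw):
        b = raw[i]
        need, cp, minimum = 0, b, 0
        if 0xC0 <= b < 0xE0:            # 2-byte lead: value must be >= 0x80
            need, cp, minimum = 1, b & 0x1F, 0x80
        elif 0xE0 <= b < 0xF0:          # 3-byte lead: value must be >= 0x800
            need, cp, minimum = 2, b & 0x0F, 0x800
        elif b >= 0x80:                 # stray continuation or 4-byte lead
            cp = 0xFFFD
        conts = raw[i + 1:i + 1 + need]
        if len(conts) < need or any(c & 0xC0 != 0x80 for c in conts):
            cp, need = 0xFFFD, 0        # malformed: emit U+FFFD and resync
        for c in conts[:need]:
            cp = (cp << 6) | (c & 0x3F)
        if need and cp < minimum:       # e.g. C0 AF -> '/', C1 9C -> '\'
            overlong = True
        out.append(chr(cp))
        i += 1 + need
    return "".join(out), overlong

def escapes_web_root(text: str) -> bool:
    """True when '..' segments climb above the web root."""
    depth = 0
    for seg in text.replace("\\", "/").split("/"):
        if seg == "..":
            depth -= 1
            if depth < 0:
                return True
        elif seg and seg != ".":
            depth += 1
    return False

def classify_request_path(path: str):
    """Findings for one cs-uri-stem value; [] means nothing suspicious."""
    text, overlong = decode_utf8_lenient(unquote_to_bytes(path))
    findings = ["overlong-utf8"] if overlong else []
    if escapes_web_root(text):
        findings.append("path-traversal")
    return findings

def scan_web_log(lines):
    """(line_no, path, findings) for every logged request that is suspicious."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = REQ_RE.search(line)
        findings = classify_request_path(m.group(2)) if m else []
        if findings:
            hits.append((n, m.group(2), findings))
    return hits

def suspicious_mime_parts(eml_bytes: bytes):
    """(filename, declared_type) for attachments typed as harmless media but
    named with an executable extension."""
    msg = email.message_from_bytes(eml_bytes, policy=policy.default)
    hits = []
    for part in msg.walk():
        fname = part.get_filename()
        if fname and posixpath.splitext(fname.lower())[1] in EXEC_EXTS \
                and part.get_content_type() in BENIGN_TYPES:
            hits.append((fname, part.get_content_type()))
    return hits

# Constructed W3C-style IIS log lines: date time c-ip method cs-uri-stem query status
SAMPLE_LOG = [
    "2001-09-18 10:00:01 192.0.2.10 GET /default.htm - 200",
    "2001-09-18 10:00:02 192.0.2.11 GET /scripts/..%c0%af../winnt/system32/cmd.exe - 200",
    "2001-09-18 10:00:03 192.0.2.12 GET /scripts/../../winnt/system32/cmd.exe - 404",
]
# Constructed .eml: one part declared as audio but carrying an .exe filename.
SAMPLE_EML = b"""Content-Type: multipart/mixed; boundary="B"

--B
Content-Type: text/plain

hello
--B
Content-Type: audio/x-wav; name="sample.exe"
Content-Disposition: attachment; filename="sample.exe"

TVqQAAMAAAAEAAAA
--B--
"""
```

Calling `scan_web_log(SAMPLE_LOG)` reports lines 2 and 3, the first tagged both `overlong-utf8` and `path-traversal`, the second only `path-traversal`; `suspicious_mime_parts(SAMPLE_EML)` returns the one mismatched attachment. The point of the lenient decoder is that a filter which only looks for a literal `../` in the raw or strictly decoded path never sees the traversal that the server itself acted on, so the check has to decode the way the vulnerable server did before comparing.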

Kibbles-N-Bits

New Member
Dec 7, 1999
I ended up getting it for about 0.1 seconds. Then my firewall said to me "What the fuck is that?" and killed it. Yay. Power to da NortonZ userZ! :p

Bullzeye

A damn shifty character...
Jan 30, 2001
I'm lost...
HEY MAGIC

I said that before... I believe that very thing.

Those fukkers at McCaffey and $hit are making 'em. Most of them don't do much, but when you get a nasty one you have to go purchase an UPDATE to get rid of the damn things.

I could imagine who works for those Virus Scan corporations, MATRIX agent Smith lookin' muther fukkers.

the real pacman

Gwen's my hoe
Sep 1, 2000
Virii are not done by AV Manufacturers. That's the biggest load of **** I've heard in a while.

It's actually simple to create your own. Just make sure you do it yourself. The way AV Scanners catch a virus is by searching the lines of code within the program. Meaning if you just made it, it's going to work.

The only question is how long will it run efficiently. I used to do this myself. I never got very deep into it. But I used to cause my own amount of shit at school. Pranks on people. Then just all around being a prick.

Virii are just independent code; the way to stop them is to have a program scan the code for common strings to tell if it's a variant. The happy99 virus managed to get by this, but not for long.

I once heard of a person taking down over 10,000 systems with a simple virii. What he did was code in his own little piece of an already well known virus.

What it did was after execution, alter the code to cover its ass and then spread itself to other systems. When it infected them, it rearranged the code again and spread.

It took norton AV a hellish long time to stop that one. I suggest reading this:

http://neworder.box.sk/tomread.php?newsid=223

It's a rather in-depth explanation of virii. My suggested reading; it's from an opinion other than those policing it. This one is by a person who was being policed.

CrappyChan

Come on snow!
Mar 3, 2001
I'm gonna make a virus that doesn't do anything but make a screen pop up and say you have a virus, and then it deletes itself.