Hey mike,
I had a 95 workstation that had personal web server running along with Front
Page that was infected. (IIS lite)
Might want to check that out.
-----Original Message-----
From: Peter Chin [mailto:[log in to unmask]]
Sent: Thursday, November 01, 2001 3:42 PM
To: [log in to unmask]
Subject: Re: nimda-e worm
Before you try scrubbing your server again I would recommend throughly
checking your workstations.
Nimda is not a server-only worm like some of it's predecessors, which took
advantage of the same IIS vulnerabilities. There is a potent workstation
component that spreads via email, network shares and infected web sites.
If you have an infected desktop that accesses your server it could be
dropping and/or modifying files on your server.
here Network associates blurb on it:
http://vil.nai.com/vil/virusSummary.asp?virus_k=99209
Peter Chin
Network Administrator
Office of the Controller
Michigan State University
146 Administration Building
East Lansing, MI 48824
Ph. (517) 353-4443
Fx. (517) 353-1046
|