W32@nimda.a@mm Virus Warning

This new worm appears to spread by multiple mechanisms:

• from client to client via email
• from client to client via open network shares
• from web server to client via browsing of compromised web sites
• from client to web server via scanning for the back doors left behind by the "Code Red II", and "sadmind/IIS" worms

When the worm arrives by email, the worm uses a MIME exploit allowing the virus to be executed just by reading or previewing the file. Information and a patch for this exploit can be found at http://www.microsoft.com/technet/security/bulletin/MS01-020.asp.

This is a HIGH RISK virus that is spread via email. The infected email can come from addresses that you recognize.W32/Nimda@MM also spreads via open shares, the Microsoft Web Folder Transversal vulnerability (also used by W32/CodeBlue), and a Microsoft content-type spoofing vulnerability. The email attachment name varies and may use the icon for an Internet Explorer HTML document.

For users of McaFee VirusScan, Detection and removal is in the 4159 DAT files. This includes detection and removal for infected .ASP, .DLL, .EML, .EXE, .HTM, .HTML, and .NWS files (with ALL files being scanned).

It is strongly recommended that you update your VirusScan DAT files by clicking on the VirusScan Console (the magnifying glass icon in the lower right-hand corner of your screen), make sure that you have Internet connectivity, double-click on the AutoUpdate entry, and click on the Run Now button.

If you need assistance with updating your VirusScan DAT files, please call the Bruin OnLine Help Desk at (310) 825-7452, Option 1.