Symantec (Deutschland) GmbH

SYMANTEC PROVIDES COMPREHENSIVE PROTECTION AGAINST W32.NIMDA.A@MM / New Analysis of Computer Worm Indicates Additional Destructive Payload

    CUPERTINO, Calif. (ots) - Symantec Corp. (Nasdaq: SYMC), a world
leader in Internet security, today announced that new analysis of
W32.Nimda.A@mm reveals that the worm contains an additional
destructive payload that will not only require detection, but
removal.  The new analysis indicates that the worm is a file
infector, overwriting .exe files.
    
    W32.Nimda.A@mm is a mass-mailing worm that utilizes multiple
methods to spread itself.  The worm sends itself out by e-mail,
infects machines over the network, and infects unpatched or already
vulnerable Microsoft IIS Web servers.  The worm also has various side
effects, such as increasing network traffic while searching for
machines to infect, which may cause network bandwidth problems.
W32.Nimda.A@mm will also attempt to create security holes by creating
a guest account with administrator privileges and create open shares
on the infected system.
    
    Symantec currently provides an integrated detection and repair
solution against W32.Nimda.A@mm. In one step, users can download a
cure that will simultaneously detect the worm and repair damaged
files. The new definitions are available through Symantec's
LiveUpdate feature or from the Symantec Web site    
http://www.securityresponse.symantec.com/avcenter/download.html ;   
"Using blended Internet security threats - the combination of
viruses, exploits, or vulnerabilities - to attack businesses and
destroy assets, continue to rise," said Vincent Weafer, senior
director of Symantec Security Response. "For the first time, to
combat such a fast spreading threat, Symantec integrated its solution
for W32.Nimda.A@mm to detect and repair in one seamless step.  The
integrated solution allows for quick clean up with little downtime,
while preventing additional infections."
    
    Symantec Security Response recommends that IT administrators
implement the following to stop the propagation of W32.Nimda.A@mm:
    
    * Block e-mails containing a "readme.exe" attachment.
    * Update virus definitions and ensure that firewalls are correctly
        configured.
    * Download the latest security updates for Enterprise Security
        Manager and NetRecon.
    * Install the IIS Unicode Transversal security patch.
    * Install the malformed MIME header execution security patch.
    * Close network share drives.
    
    Additionally, consumers can immediately protect themselves against
the new worm by implementing the following:
    
    * Use Symantec's LiveUpdate feature to obtain the latest virus
        definitions.
    * Use the Windows Update feature located on the "Start" menu on
        Window 95 and higher systems to download new security patches.
    * Disable the "File Download" feature in Internet Explorer to
        prevent compromise.
    
    Both consumers and enterprises can be infected through a variety
of methods.
    
    * E-mail - One of the methods the worm infects PCs though is
e-mail.  The e-mail arrives with an attachment - readme.exe that is
not always visible and contains a randomly generated subject line and
no body message.  The worm uses its own SMTP engine to e-mail itself
out to all the addresses it collects by searching the user's incoming
and outgoing e-mail boxes.  Internet Explorer users v5.01 or v5.5 -
(IE 5 with the Service Pak 2 or later installed or IE 6 are not
affected) will receive a blank e-mail - no subject line, no body and
a hidden attachment.  Just opening the e-mail can infect user's PCs.
For the latest Microsoft security patch, visit
http://www.microsoft.com/windows/ie/download/critical/q290108/default
.asp.
    
    * Shared Drives - PC users with shared drives enabled are also at
risk.  The worm searches for open network shares and will attempt to
copy itself to these systems and then execute. IT administrators
should close all network shared drives.
    
    * Web sites -When users visit a compromised Web site, the server
will run a script attempting to download an Outlook file, which
contains the W32.Nimda.A@mm worm.  The worm will create an open
network share on the infected machine allowing access to the system.
W32.Nimda.A@mm specifically targets versions of IIS servers, taking
advantage of the known Universal Web Traversal exploit (MS Security
Bulletin MS00-078), which is similar to the exploit used in the Code
Red attack.  Compromised servers will display a Web page and attempt
to download an Outlook file that contains the worm as an attachment.
IT Administrators should download the Microsoft security patch for
IIS 4.0 at
http://www.microsoft.com/downloads/Release.asp?ReleaseID=32061 and
for IIS v5.0 at
http://www.microsoft.com/downloads/Release.asp?ReleaseID=32011. ;   
    
    Symantec provides additional protection against W32.Nimda.A@mm
through the following solutions:
    
    * Enterprise Security Manager -Symantec's policy compliance and
vulnerability management system, helps manage security patch update
functions. New patch templates are available that detect the
underlying vulnerability on Windows NT 4.0 and Windows 2000 servers.
    
    * NetProwler - Symantec's network-based intrusion detection tool,
with Security Update 8 installed, is capable of detecting attempts to
attack IIS 4.0 and 5.0 servers through this vulnerability.
      
    * NetRecon - Symantec's network vulnerability assessment tool will
be updated to detect if this vulnerability exists on a system and if
so will provide recommendations on how to fix it.
    
    * Symantec Enterprise Firewall (Raptor Firewall) - Symantec's
application inspection firewall, by default, blocks suspect outbound
data traffic from web servers, like IIS, when operating on the
firewall's service network, thereby stopping the propagation of this,
as well as other types of attacks.

    * Symantec Security Check - This service,
www.symantec.com/securitycheck, has been updated to scan if a system
is vulnerable to this exploit.
    
    * Norton Internet Security - Symantec's integrated security and
privacy suite for consumers can be updated to ensure only trusted
programs access the Internet.
    
    Über Symantec
    Symantec ist weltweit marktführend auf dem Gebiet der
Internet-Sicherheit. Die umfangreiche Palette an Lösungen in den
Bereichen Content und Network Security für Privatanwender und
Unternehmen umfasst Virenschutz, Firewalls und Virtual Private
Networks ebenso wie Vulnerability Management, Intrusion Detection,
Internet- und E-Mail-Filter sowie Technologien für die
Remote-Verwaltung und Sicherheitsservices für Unternehmen weltweit.
Die Consumermarke für Sicherheitsprodukte Norton ist weltweit
marktführend im Einzelhandel und hat zahlreiche Auszeichnungen der
Branche bekommen. Das im Jahr 1982 gegründete Unternehmen ist in
Cupertino, Kalifornien, beheimatet und vertreibt seine Produkte in 37
Ländern. Für mehr Informationen besuchen Sie uns unter
    
ots Originaltext: Symantec (Deutschland) GmbH
Im Internet recherchierbar: http://www.presseportal.de

Ihre Ansprechpartner (NUR PRESSE!) für Rückfragen:
Symantec (Deutschland) GmbH,  
Kaiserswerther Straße 115,
40880 Ratingen,
Telefax:+49 /(0) 0102/7453922

Andrea Wolf
PR Manager
Telefon: +49 ( 0) 21 02 / 74 53-875
mail: awolf@symantec.com

Weitere Informationen sowie Produkt- und Personenfotos erhalten Sie
in unserem Online-Pressezentrum unter
www.symantec.de/region/de/PressCenter/

Original-Content von: Symantec (Deutschland) GmbH, übermittelt durch news aktuell

Weitere Meldungen: Symantec (Deutschland) GmbH

Das könnte Sie auch interessieren: