--=-+QGwP6xZmtk4cdOcrujq Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Way to go speakeasy!!!! -----Forwarded Message----- From: Speakeasy.net To: members-all@announce.speakeasy.net Subject: IMPORTANT: SPEAKEASY SECURITY ALERT Dear Speakeasy Members, Over the last 3 months, we have been battling it out with the "Code Red" worm. Just as we were beginning to believe the worst was behind us, we have now learned that there is yet another hostile bit of rogue data coursing it's way around the Internet. This new so-called "Nimda" worm, unlike it's Code Red predecessor, affects not only Windows 2000/NT/XP running IIS, but Windows 95/98/ME as well. It goes without saying that the damage potential for this worm is exponentially greater than the Code Red worm. It is for this reason we urge you to apply the proper fix to your machines ASAP -- if you have not done so already. PLEASE NOTE: =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D The affects of this worm are detrimental to all and we'd like to give each member a chance to secure their machines. However, after 9/23/01, Speakeasy's Abuse Team will be freezing the DSL circuit hooked to any machine infected with the worm. We apologize for the inconvenience of this, but it is imperative that we ensure our network is not assisting in the propogation of this, or any, worm. All of us are part of a larger community, and it really isn't cool to infect your neighbors. =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D Known methods of infection include: - Sent to victim as an email attachment - Browsing a website on an infected host - Unprotected fileshares For a detailed description of this worm, we recommend these third-party sites: http://www.symantec.com/avcenter/venc/data/w32.nimda.a@mm.html or http://www.f-secure.com/v-descs/nimda.shtml Speakeasy is not responsible for the information provided by these companies, but we feel this is the best available regarding Nimda. Following is patch information Microsoft has provided in regard to securing your machines against Nimda. If you're unsure of how to apply the patches correctly, we recommend you call Microsoft. Speakeasy is not responsible for any issues that may result from following these processes. ::: Windows 98/ME users ::: - Visit http://www.microsoft.com/technet/treeview/default.asp?url=3D/techne= t/security/topics/Nimda.asp - Apply the appropriate fix for Internet Explorer 5.01, 5.5, or 6 - Reboot ::: Windows 2000 ::: - Visit http://www.microsoft.com/technet/treeview/default.asp?url=3D/techne= t/security/topics/Nimda.asp - Download and apply Sp2 if it is not already installed on your machine - Apply the appropriate patches - Reboot ::: Windows NT4 ::: Although the links below describe how to secure Windows NT Server, if you are running IIS, we STRONGLY recommend that you call Microsoft and have them walk you through updating the server. This process is not full-proof and is rather difficult to do correctly -- applying the patches in the wrong order could potentially prevent your machine from being properly secured against this worm. - Visit http://www.microsoft.com/ntserver/sp6asrp.asp - Download and apply Service Pack 6a - Download and apply Post-SP6a Security Rollup Package - Visit http://www.microsoft.com/technet/treeview/default.asp?url=3D/technet/secur= ity/topics/Nimda.asp - Apply appropriate security patches - reboot There is also a tool available from Microsoft for those newer to running IIS called the "IIS Lockdown Tool" which can be downloaded from: http://www.microsoft.com/Downloads/Release.asp?ReleaseID=3D32362 ::: Anti-Virus Software ::: Here's some links for trial versions of Anti-Virus software: Symantec: http://www.symantecstore.com/dr/v2/ec_dynamic.main?sp=3D9&pn=3D16&sid=3D276= 74 McAfee: http://download.mcafee.com/eval/platform-language2.asp?l=3D0&prdc=3D27&s=3D= HOME&o=3D10&zz=3DVirusScan&img=3Dvs1.gif Trend Micro: http://www.antivirus.com/pc-cillin/download/ F-Secure: http://www.fsecure.com/download-purchase/ We appreciate your prompt attention to this matter and thank you for your assistance in decreasing the detrimental affect this could have on our overall network. The Speakeasy Crew --=20 "I guess I'll never forget her. And maybe I don't want to. Her spirit was wild, like a wild monkey. Her beauty was like a beautiful horse being ridden by a wild monkey. I forget her other qualities." --Jack Handley, The New Mexican 1988 --=-+QGwP6xZmtk4cdOcrujq Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQA7qkEpjpHZ/aPnU7cRAt0bAJ9DkzPgYiReo0TgosBmIOf/xmTmyACgxJiX H0Qb81i0hN+FIyAKEOEWBK0= =FgqV -----END PGP SIGNATURE----- --=-+QGwP6xZmtk4cdOcrujq--