[Fwd: IMPORTANT: SPEAKEASY SECURITY ALERT]
Nathan England
plug-discuss@lists.PLUG.phoenix.az.us
20 Sep 2001 12:19:05 -0700
Way to go speakeasy!!!!
-----Forwarded Message-----
From: Speakeasy.net <no-reply@speakeasy.net>
To: members-all@announce.speakeasy.net
Subject: IMPORTANT: SPEAKEASY SECURITY ALERT
Dear Speakeasy Members,
Over the last 3 months, we have been battling it out with the "Code Red"
worm. Just as we were beginning to believe the worst was behind us, we
have now learned that there is yet another hostile bit of rogue data
coursing its way around the Internet.
This new so-called "Nimda" worm, unlike its Code Red predecessor, affects
not only Windows 2000/NT/XP running IIS, but Windows 95/98/ME as well. It
goes without saying that the damage potential for this worm is
exponentially greater than the Code Red worm. It is for this reason we
urge you to apply the proper fix to your machines ASAP -- if you have not
done so already.
PLEASE NOTE:
==========================================================================
The effects of this worm are detrimental to all and we'd like to give each
member a chance to secure their machines. However, after 9/23/01,
Speakeasy's Abuse Team will be freezing the DSL circuit hooked to any
machine infected with the worm. We apologize for the inconvenience of
this, but it is imperative that we ensure our network is not assisting in
the propagation of this, or any, worm. All of us are part of a larger
community, and it really isn't cool to infect your neighbors.
==========================================================================
Known methods of infection include:
- Sent to victim as an email attachment
- Browsing a website on an infected host
- Unprotected fileshares
For a detailed description of this worm, we recommend these third-party
sites:
http://www.symantec.com/avcenter/venc/data/w32.nimda.a@mm.html
or
http://www.f-secure.com/v-descs/nimda.shtml
Speakeasy is not responsible for the information provided by these
companies, but we feel this is the best available regarding Nimda.
Following is patch information Microsoft has provided in regard to
securing your machines against Nimda. If you're unsure of how to apply
the patches correctly, we recommend you call Microsoft. Speakeasy is not
responsible for any issues that may result from following these processes.
::: Windows 98/ME users :::
- Visit
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/topics/Nimda.asp
- Apply the appropriate fix for Internet Explorer 5.01, 5.5, or 6
- Reboot
::: Windows 2000 :::
- Visit
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/topics/Nimda.asp
- Download and apply Sp2 if it is not already installed on your machine
- Apply the appropriate patches
- Reboot
::: Windows NT4 :::
Although the links below describe how to secure Windows NT Server, if you
are running IIS, we STRONGLY recommend that you call Microsoft and have
them walk you through updating the server. This process is not foolproof
and is rather difficult to do correctly -- applying the patches in the
wrong order could potentially prevent your machine from being properly
secured against this worm.
- Visit
http://www.microsoft.com/ntserver/sp6asrp.asp
- Download and apply Service Pack 6a
- Download and apply Post-SP6a Security Rollup Package
- Visit
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/topics/Nimda.asp
- Apply appropriate security patches
- reboot
There is also a tool available from Microsoft for those newer to running
IIS called the "IIS Lockdown Tool" which can be downloaded from:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=32362
::: Anti-Virus Software :::
Here are some links for trial versions of Anti-Virus software:
Symantec:
http://www.symantecstore.com/dr/v2/ec_dynamic.main?sp=9&pn=16&sid=27674
McAfee:
http://download.mcafee.com/eval/platform-language2.asp?l=0&prdc=27&s=HOME&o=10&zz=VirusScan&img=vs1.gif
Trend Micro:
http://www.antivirus.com/pc-cillin/download/
F-Secure:
http://www.fsecure.com/download-purchase/
We appreciate your prompt attention to this matter and thank you for your
assistance in decreasing the detrimental effect this could have on our
overall network.
The Speakeasy Crew
--
"I guess I'll never forget her. And maybe I don't want to. Her spirit
was wild, like a wild monkey. Her beauty was like a beautiful horse
being ridden by a wild monkey. I forget her other qualities."
--Jack Handley, The New Mexican
1988