On Tue, Sep 18, 2001 at 12:09:43PM -0500, Austad, Jay wrote: > The worm is called Nimba, it's not based on Code Red. It spreads 4 > different ways: > > <snip> > > 4. Via the eml vulnerability in IE versions prior to 6.0 (very few have > upgraded to 6.0). If a webserver has Nimba, it will append a nice piece of > javascript to the end of every web page served which will open an EML file > which will infect the machine viewing the web page. There is no dialog, it > just opens. This bug was discovered by George Guninski about a month or so > ago, and is apparently fixed in IE 6.0. So IE users can get the virus just > by visiting a page on an infected IIS server. Can you provide a link to a write-up on what exactly this item is going to do to an end-user PC? As of about two hours ago, Symantec views it as a low-damage, high-distribution virus, one that is, overall, a low threat. McAfee doesn't seem to know about it at all! -- Scott Raun sraun at fireopal.org