GEN:SID | 1:1294 |
Message | NETBIOS nimda .nws |
Summary | This event is generated when traffic indicating Nimda worm activity is detected.
|
Impact | Possible infection by the Nimda virus.
|
Detailed Information | Nimda spreads by file infection, mass emailer, file share, or IIS unicode exploit to attack unpatched systems.
|
Affected Systems | Windows 95 Windows 98 Windows ME Windows 2000
|
Attack Scenarios | An unpatched server is connected to the internet and is infected or an infected email is opened. Once infected the worm spreads itself.
|
Ease of Attack | Simple
|
Corrective Action | Check the suspect host for signs of infection. Apply patches or upgrade the operating system
|
Additional References | Microsoft: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/topics/virus/nimda.asp
F-Secure: http://www.f-secure.com/v-descs/nimda.shtml
|
Rule References | url: www.f-secure.com/v-descs/nimda.shtml
|