Nimda Linux=Death To Windows???

User compu44
Incident Number 24976
Date 2002/06/16 09:26
Status Incident closed
Paid No

Product 8.2
Architecture x86_32
Scope Administration

Username : Date : Action : Comments
 
compu44 : 16/06/02 09:26 AM : Incident created
-   I have a system, using 2 hard drives, and dual booting Linux and Windows XP. The main hard drive is a Maxtor 40GB. It has the Linux partitions in EXT3 and a Windows partition in the XP NTFS. Then I have a 60 GB Maxtor with 2 FAT32 partitions that I use for data storage in both OSes. My problem is that I keep getting Nimda on my Windows XP partition. I have formatted my Windows partition and re-loaded; shortly after, Nimda re-appeared. The only thing that has remained on my drive is Linux. The Nimda infection is only appearing on the FAT32 drives, never on the NTFS drive. I am wondering if the virus is in my Linux partition and is spreading to the Windows partitions because, of course, the FAT32 partitions (the ones that get Nimda) can be seen in Linux and the NTFS (the one that doesn't get Nimda) can't. Can someone please advise me if I am just crazy or what is going on? Thanks in advance.

 
BeardedUncle : 16/06/02 09:44 AM : Reply received
-   Well, nimda is a program, isn't it? So, it should be started one way or
another, right? Suppose, you have it on your Linux partition (I actually
have several viruses that came to my mailbox over time, just out of
curiosity). The only way to start a Windows program under Linux is to use an
emulator, like Wine or Win4Lin. Well, you get the picture.

Think of a friend infected with nimda, think about your ISP infected with
nimda (happens more often than you might think). Think of websites you visit
under Windows (nimda exploits vulnerabilities in Outlook and IE by posing as
a sound application). It's not Linux. Lately my wife, who uses Windows, was
infected with it several times in one week. Sh*t happens... :-)

Good Luck,
BeardedUncle

compu44 : 16/06/02 09:56 AM : More info provided
-   Is there any way to keep it from getting in the Windows partition? Also, if you know, might you be able to elaborate on the OE vulnerability and what this virus does?

 
BeardedUncle : 16/06/02 10:50 AM : Reply received
-   OK, here's from the horse's mouth:

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/virus/nimda.asp

Here's from McAfee:

http://www.mcafee.com/anti-virus/viruses/nimda/default.asp?cid=2444
http://vil.mcafee.com/dispVirus.asp?virus_k=99209&

In general, a google search on "nimda" gives all available information.
I think I have it saved somewhere, interested? Just kidding.

Well, SuSE claims that its firewall can screen for nimda and filter it out.
Maybe. You can get it on your Win partition:

1. When running Windows
2. When running Linux, but saving newsgroup or e-mail attachments and/or web
streams on a FAT drive

There's no way in hell nimda may START under Linux and spread on your Win
partition under Linux.

You just get infected again and again. Funny thing, nimda sends itself to
addresses in your OE address book. If there's a dead address, the message
comes back and infects you again. I also think it comes back even if
there are no dead addresses.

It appends JavaScript code to an HTML file. Since every once in a while a
script kiddie stumbles across a way to write a javascript bomb anyway, it's
a good idea to disable javascript by default, and configure your e-mail
reader NOT to render HTML (default in knode and Linux mailreaders anyway,
impossible to do with OE. Get TheBat -- a Windows mailer written by people
with heads on their shoulders).

Good Luck,
BeardedUncle
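
Added example, not part of the original thread or any poster's reply: a Python heuristic for checking a shared FAT data partition from Linux for HTML files that have had script appended, as the reply above describes. It assumes "appended" means a `<script>` tag that appears after the document's first closing `</html>` tag; the function names and the sample files are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

HTML_SUFFIXES = {".htm", ".html"}
CLOSE_HTML = re.compile(rb"</html\s*>", re.IGNORECASE)
SCRIPT_OPEN = re.compile(rb"<script\b", re.IGNORECASE)


def has_trailing_script(data: bytes) -> bool:
    """True if a <script> tag appears after the first </html> closing tag."""
    close = CLOSE_HTML.search(data)
    if close is None:
        return False  # fragment or non-HTML: this heuristic does not apply
    return SCRIPT_OPEN.search(data, close.end()) is not None


def scan_tree(root):
    """Return sorted relative paths of HTML files under root with trailing script."""
    root = Path(root)
    hits = []
    for path in root.rglob("*"):
        # FAT file names are often upper case, so compare the suffix lowered.
        if path.is_file() and path.suffix.lower() in HTML_SUFFIXES:
            try:
                data = path.read_bytes()
            except OSError:
                continue  # unreadable file: skip it rather than abort the scan
            if has_trailing_script(data):
                hits.append(path.relative_to(root).as_posix())
    return sorted(hits)


def demo():
    """Build a small constructed tree (stand-in for a mounted FAT volume) and scan it."""
    clean = b"<html><head><script>var a=1;</script></head><body>hi</body></html>\n"
    # Constructed sample: a second block tacked on after the closing tag.
    appended = clean + b'<html><script language="JavaScript">/* constructed */</script></html>'
    with tempfile.TemporaryDirectory() as tmp:
        (Path(tmp) / "docs").mkdir()
        (Path(tmp) / "docs" / "index.html").write_bytes(clean)
        (Path(tmp) / "docs" / "SAVED.HTM").write_bytes(appended)
        (Path(tmp) / "notes.txt").write_bytes(appended)  # wrong suffix: ignored
        return scan_tree(tmp)


if __name__ == "__main__":
    print(demo())
```

A hit is a reason to inspect the file from Linux, where the script cannot run, not proof of infection; sloppy page templates occasionally place scripts after the closing tag too.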

compu44 : 20/06/02 07:37 AM : Incident closed