VIRUS: SMTP NIMDA (readme.exe)

This signature detects e-mail attachments named "readme.exe" sent through SMTP. This can indicate the e-mail virus Nimda is attempting to enter the system. The executed file installs to the Windows directory, edits the Registry to run the virus on reboot, and infects Internet-related files. Nimda then obtains e-mail addresses and sends infected messages to all addresses found using its own SMTP server.

Extended Description

Nimda has following payload: large scale e-mailing, replaces and modifies files, degrades system performance, and installs a backdoor.

References

CVE: CVE-1999-0660

URL: http://www.f-secure.com/v-descs/nimda.shtml http://secunia.com/virus_information/7159 http://www.sophos.com/virusinfo/analyses/w32nimdaa.html

Short Name

VIRUS:SMTP:NIMDA

Severity

Major

Recommended

False

Recommended Action

Drop

VIRUS: SMTP NIMDA (readme.exe)

Extended Description

References

Found a potential security threat?