WORM: Nimda Infection Attempt (3)
This signature detects attempts to infect a Microsoft IIS Web server with the Nimda worm. If successful, Nimda obtains e-mail addresses from the infected system and propagates itself by sending infected messages using its own SMTP or POP3 server to other Web servers. Nimda also adds files to the system configuration to allow Windows file shares; or it posts an infected HTML e-mail to the Web server where it can be accessed through HTTP.
Extended Description
Nimda installs a backdoor, allowing the infected system to be controlled by a remote attacker.
Short Name
WORM:NIMDA:SCRIPTS-CMD
Severity
Minor
Recommended
False
Recommended Action
None
Category
WORM
Keywords
(3) Attempt CVE-1999-0660 Infection Nimda
Release Date
04/22/2003
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
CVSS Score
8.8