WORM: Nimda Infection Attempt (1)
This signature detects attempts to infect a Microsoft IIS Web server with the Nimda worm. Nimda can infect other Web servers by obtaining e-mail addresses and sending a copy of itself in infected messages using its own SMTP or POP3 server; adding files to a system configured to allow Windows file shares; or posting an infected HTML e-mail to the Web server where it can be accessed through HTTP.
Extended Description
The Nimda worm enables file sharing and creates an administrative account on and infected machine.
Short Name
WORM:NIMDA:SCRIPTS-ROOT
Severity
Minor
Recommended
False
Recommended Action
None
Category
WORM
Keywords
(1) Attempt CVE-1999-0660 Infection Nimda
Release Date
04/22/2003
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
CVSS Score
8.8