| GEN:SID | 1:1293 |
| Message | NETBIOS nimda .eml |
| Summary | This event is generated when traffic indicating Nimda worm activity is detected.
|
| Impact | Possible infection by the Nimda virus.
|
| Detailed Information | Nimda spreads through file infection, mass emailing, file shares, or the IIS Unicode exploit, which it uses to attack unpatched systems.
|
| Affected Systems | Windows 95, Windows 98, Windows ME, Windows 2000
|
| Attack Scenarios | An unpatched server connected to the Internet is infected, or an infected email is opened. Once a host is infected, the worm spreads itself.
|
| Ease of Attack | Simple
|
| Corrective Action | Check the suspect host for signs of infection. Apply patches or upgrade the operating system.
|
| Additional References | Microsoft: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/topics/virus/nimda.asp
F-Secure: http://www.f-secure.com/v-descs/nimda.shtml
|
| Rule References | url: www.f-secure.com/v-descs/nimda.shtml
|