Aardvark Daily aardvark (ard'-vark) a controversial animal with a long probing nose used for sniffing out the facts and stimulating thought and discussion.

NZ's leading source of Net-Industry news and commentary since 1995
Australasia's "New Economy" News And Commentary Site
Headlines | XML feed | Contact | New Sites | Press Bin | Job Centre | News Search | For Sale
Day 8, The Holy War
7amNews.com's concise coverage of the Terrorist attacks and the USA's inevitable response continues. The Taliban are threatening a holy war against the USA. Get the latest reports.

For all the latest headlines and links on the terrorist attacks and US retaliation, check out the new World At War page.

A New Tripple-Threat Worm Strikes The Net 19 September 2001 Edition
Previous Edition

Million $ Ideas
At last, the contents of Aardvark's "million-dollar ideas" notebook are revealed for all to see!
Click To See
Just when you thought it was safe to go back on the Net, in the wake of the Love Bug, SirCam, Code Red, Code Red II, etc, reports are surfacing of a decidedly evil new worm that will try and wreck your day using a number of exploits.

Although information is pretty sketchy at the moment, this new worm, known so far as "Nimda" or "readme.exe" appears to take advantage of a number of flaws in Microsoft Windows-based software.

It is spreading like wildfire through a number of mechanisms.

As with many of its predecessors, the worm is being delivered as an email attachment -- but with the twist that, according to some reports, it can execute automatically on PCs using MS Outlook, rather than requiring the user to open that attachment.

It is very network-aware and once a single machine on a LAN or WAN becomes infected, it tries to exploit any open shares to spread throughout that network.

And, it also infects any unpatched IIS webservers it can find using direct probes across the Net in a manner similar to the now infamous Code Red.

Need Cutting-Edge Copy?
As NZ's longest-running online commentator, I'm looking for extra syndication opportunities for this daily publication -- or I'm happy to write casual or regular material specifically to order for print or Net-based publications. If you're interested, drop me a line

But wait -- there's more!

If it manages to compromise an IIS webserver, the default.asp page is altered so that it automatically tries to serve a file called readme.eml containing a bogus MIME header that sees it pretending to be an innocuous .wav file -- but which actually spawns a new Javascript window and does goodness knows what.

But wait -- there's even more!

As a result of all the port 80 probes being generated by IIS servers infected by this worm, the Net is once again being flooded with masses of bogus HTTP requests that are starting to waste enormous amounts of bandwidth.

One estimate suggests that there are over a million IIS servers on the Net still vulnerable to this kind of exploit.

Readers Say
(updated hourly)
From Yesterday...
  • I'd rather they blew something up offshore!... - Adam
  • FBI - You don't WANT feedback... - Rob
  • NZ as a Data Haven?... - Martnz
  • relations... - Dominic
  • NZ... - Sam
  • Have Your Say

    There has been some speculation that this little demon is somehow related to the terrorist bombings in the USA (what isn't these days) -- mainly because it first appeared exactly a week (to the hour) after the first airliner hit the World Trade Center.

    The FBI are investigating possible links.

    So, what are you going to do to avoid getting hosed by this worm?

    All the usual recommendations apply -- get the latest bug/security patches from Microsoft (aren't you getting tired of that now?), update your anti-virus software and remain vigilant.

    However, at least one user claims that their IIS server was hit even though it had all the latest security patches installed and other supposedly "hard" systems have also reported to have been compromised.

    If you're running Internet Explorer you might also want to use the Tools -> Internet Options -> Advanced menu selections and uncheck the "Play sounds in web pages" option so that if you hit a compromised website you're less likely to have the "readme.eml" file explode in your face.

    Although I can't confirm it, Netscape and Opera users should be safe since the .eml file is an outlook-specific type. Perhaps some smart Aardvark reader can comment?

    One way reducing the risk of being hit by an infected webpage will be to disable Javascript, since the file is delivered by this piece of code:

    <script language="JavaScript">window.open("readme.eml", null, "resizable=no,top=6000,left=6000 ") </script>

    Wouldn't it be nice if we could just all get along together without feeling the need to ruin other people's days?

    Here are some links for more information on this worm:

    Save The Aardvark Fund
    Yes, I have had several donations to the Aardvark fund and I thank those who put their money where their mouse is :-)

    If guilt is gnawing away inside you then there's still time to donate.

    Just drop by and hand over your loot.


    Free News Syndicated From 7amNews.com
    Add it to your own site
    Net/Tech

    MP3/Net-Music


    Add Aardvark To Your Own Website!
    Got a moment? Want a little extra fresh content for your own website or page?

    Just add a couple of lines of JavaScript to your pages and you can get a free summary of Aardvark's daily commentary -- automatically updated each and every week-day.

    Aardvark also makes a summary of this daily column available via XML using the RSS format. More details can be found here.

    Contact me if you decide to use either of these feeds and have any problems.

    Did you tell someone else about Aardvark today? If not then do it now!

    There is/are 0 Vacancies Last added 2 July In The Job Centre

    There are 14 Domain Names for sale

    Latest
    Security Alerts
    Microsoft tightens software security (CNet - 16/08/2001t)

    Code Red Worm A 'Runaway Success' (7amNews - 20/07/2001)

    Solaris bug gives hackers free rein (ZDNet - 22/06/2001)

    Microsoft Admits Another 'Serious Vunerability' In IIS 7amNews - 19/06/2001)

    Latest
    Virus Alerts
    New worm spreading slowly (CNet - 4/09/2001)

    Trojan horse breaks Windows PCs (ZDNet - 24/08/2001)

    'Sircam' Worm Getting Hotter (Wired - 20/07/2001)

    Bookmark This Page Now!

     

    MORE NEWS
    NZL Sites
    IDG.Net.nz
    NZ Netguide
    NZ Herald Tech
    PC World NZ
    Scoop
    NZ.Internet.com
    NZOOM Technology

    AUS Sites
    Fairfax IT
    Australian IT
    AFR Tech
    AUS Netguide
    NineMSN Tech
    APC Magazine

    USA Sites
    Wired.com
    CNet
    CNNfn Tech
    TechWeb
    Yahoo Tech
    ZDNet Tech
    USA Today Tech
    7am.com SciTech

    UK Sites
    The Register
    BBC SciTech

     

    The Day's Top News
    Open in New Window = open in new window
    New Zealand

    Open in New Window Xtra users angered by plan changes
    As part of changes to its pricing plans announced last week, Xtra has removed from its customers the opportunity to pay for the internet time they use on a strictly proportional basis...
    IDG

    Open in New Window Select Committee makes changes to Telecomms Bill
    The select committee reviewing the Telecommunications Bill has reported back to Telecommunications Minister Paul Swain and has made several changes to the draft bill...
    IDG

    Other

    Open in New Window Hacker Group Condemns Hacks on Taliban Sites
    In the days after the attacks on the World Trade Center and the Pentagon, hackers have waged war against sites linked to Afghanistan's Taliban rulers, while an anonymous virus pretending to offer new information on the mayhem is infecting computers...
    Yahoo

    Open in New Window Compaq readies release of new iPaq
    Compaq Computer will announce that it will begin shipping two iPaq handhelds using the new version of Microsoft's Pocket PC software...
    CNet

    Open in New Window U.S. citizens back encryption controls
    A poll finds widespread support for a ban on "uncrackable" encryption products, following proposals in Congress to tighten restrictions on software that scrambles data...
    CNet

    Open in New Window Internet Helps Propel Donations
    Charities have already collected more than $200 million for victims of the terrorist attacks, much of it spurred by the ease of donating over the Internet....
    Yahoo/AP

    Open in New Window Electronic Arts Restarts 'Majestic' Online Game
    Electronic Arts Inc. , the largest U.S. video game publisher, said on Tuesday it would restart its popular online game ``Majestic,'' after suspending it for a week due to the World Trade Center attacks...
    Yahoo

    Australia

    Open in New Window Privacy guidelines 'gutted'
    NEWLY released privacy guidelines have been slammed by consumer and privacy groups after a last-minute revision...
    Australian IT

    Open in New Window Aust: Encryption crackdown gets thumbs down
    Proposals by the US government for a global ban on sophisticated encryption tools, thought to have been used in the recent terrorist raids on the States, have been met with concern in Australia...
    ZDNet

    Other

    Open in New Window Disposable phones--a security risk?
    Hop-On Wireless Chief Executive Peter Michaels and the rest of the nascent disposable cell phone industry are scrambling to defend a product that hasn't made it into the United States yet, but is a target of the nation's top crime fighters as they crack down on terrorism...
    ZDNet

    Open in New Window Free Software Foundation, FSMLabs settle patent flap
    The Free Software Foundation and FSMLabs, the company that distributes RTLinux, have reached an agreement in principle that resolves the Foundation's claims that FSMLabs used a patent license to violate the GNU General Public License...
    ZDNet

    Open in New Window Why They're Agog over Google
    In the aftermath of the terrorist attacks on New York and Washington on Sept. 11, popular news Web sites such as CNN.com and ABCNEWS.com were overwhelmed with a deluge of people grasping for the latest information...
    BusinessWeek

    Open in New Window AMD names next Athlon after Windows XP
    AMD is taking its lead from the Beast of Redmond, and in a desperate bid to imply new, relevant and up-to-date technology, will name its next desktop processor the Athlon XP - after Microsoft's new version of Windows...
    The Register

    Open in New Window eBay reaffirms 3Q
    Online auction service eBay Inc. said Tuesday it remains comfortable with Wall Street's third-quarter estimates of 11 cents a share in earnings and $185 million in revenue despite last week's terrorist attack on the United States...
    CNN


    Looking For More News or Information?

    Google
    Search WWW Search Aardvark
    Try the Aardvark News Search page or look here.co.nz

    Privacy Policy | Copyright © 2001, Bruce Simpson, free republication rights available on request

    jet engine page