This Week's Best PowerBook G4 Deals

2005.05.25

Low End Mac Reader Specials

Memory To Go Special: MacPro 8 Core Memory 4GB kit $154 / 2GB kit $94, New 2008 iMac 2GB $46. MacBook Pro / MacMini / iMac Intel Core2 DUO 2GB $44 / 1GB $23--Free shipping available.

Download Typestyler, still the Ultimate Styling Tool for Internet, Print and Video Graphics. Works great in Classic with a Native OS X Version on the way. Free Tryout: www.typestyler.com

LA Computer Company: Specials on AppleCare, iMac's, Apple Batteries and Apple A/C Adapters. Also Great prices on Used Apple Computers. Call 1-800-941-7654 Click Here.

OWC: Upgrade to a Larger Hard Drive, Add Additional Drives SATA for Mac Pro and G5s, up to 1.0TB in each Bay. 500GB from $90!

Mac users can finally play Party Poker for Mac. Not only that, they can also learn how to play PokerStars for Mac.

Laptop Hardware Provided by TechRestore - Overnight Mac & iPod Repairs.

Compare products like desktop computers, laptops, and LCD TVs side by side! All the information and reviews to make the best purchasing decision for a new cell phone GPS products or MP3 players. The Ciao network makes searching products easy for you.

New iMac 800Mhz Memory 4GB $90, 2GB $45 - Click to Maximize your Macs...

INCLUDE TEXT HERE

About LEM | Support | Usage | Privacy | Contacts

Entire Low End Mac website copyright ©1997-2008 by Cobweb Publishing, Inc., unless otherwise noted. All rights reserved. Advice presented in good faith, but what works for one may not work for all. Please report errors to .
  LINKS: We allow and encourage links to any public page as long as the linked page does not appear within a frame that prevents bookmarking it.
  Access our RSS news feed at http://lowendmac.com/feed.xml.
  Email may be published at our discretion; email addresses will not be published without permission, and we will encrypt them in hopes of avoiding spammers. If you prefer your message not be published, mark it "not for publication." Letters may be edited for length, context, and to match house style.
  PRIVACY: We don't collect personal information unless you explicitly provide it. For more details, see our Terms of Use.
  Low End Mac is an independent publication and has not been authorized, sponsored, or otherwise approved by Apple Inc. Apple, the Apple logo, Macintosh, iBook, iMac, eMac, iPod, PowerBook, MacBook, Mac Pro, Apple TV, and AirPort are registered trademarks of Apple Inc. Additional company and product names may be trademarks or registered trademarks and are hereby acknowledged.


Have a question?
Ask an expert!

Navigation

Used Mac Dealers
Apple History
Best Used Macs
Video Cards
Email Lists
InfoMac's Low
End Mac Forum

Favorite Sites

MacSurfer
MacMinute
MacInTouch
MyAppleMenu
InfoMac
Macs Only!
The Mac Observer
Accelerate Your Mac
RetroMacCast
PB Central
MacWindows
The Vintage Mac
   Museum
DealMac
DealsOnTheWeb
Mac2Sell
ramseeker
Mac Driver Museum
JAG's House
System 6 Heaven
System 7 Today
the pickle's Low-End
   Mac FAQ
Abandonware
   Petition
Mac vs. PC Info

Affiliates

The Apple Store
Mac Connection
MacMall
TechRestore
MacResQ
ExperCom
Crucial Memory
batteries.com

Advertise

All of our advertising is handled by BackBeat Media. For price quotes and advertising information, please contact at BackBeat Media (646-546-5194). This number is for advertising only.

Open Link

Problems viewing this page with Internet Explorer 5.5 or 6? It works fine in other browsers, including IE 7. We recommend Firefox for those using Windows, as it is standards based and more secure than IE 6 (and earlier). More LEM visitors use Firefox than any other browser.

The Nimda Worm

The Nimda Worm

2001.09.18

Nimda came out of nowhere on September 18, 2001. It targets Windows computers, using individual networked PCs to infect NT-base servers running IIS. A Windows PC can become infected by opening or previewing an infected email, visiting a site on an infected server, or simply being on the same network as another infected Windows machine.

Windows servers can be infected by another server or PC on the same network or connecting over the Internet. Once a computer is infected, it will scan for other machines to infect. Once a server is infected, it will serve infected pages to visitors.

It may also be spreading via IRC and FTP.

Although Nimda can only infect Windows PCs, it can cripple servers running any operating system by hitting them persistently. As of 9:00 p.m. on Sept. 18, our Web log showed Low End Mac's Linux-based server had been hit almost 8,000 times:

989: /scripts/..%255c../winnt/system32/cmd.exe
988: /scripts/..%5c../winnt/system32/cmd.exe
500: /scripts/root.exe
499: /msadc/root.exe
498: /c/winnt/system32/cmd.exe
498: /d/winnt/system32/cmd.exe
497: /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe
496: /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe
495: /scripts/winnt/system32/cmd.exe
495: /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe
495: /scripts/..%c1%1c../winnt/system32/cmd.exe
494: /scripts/..%c0%af../winnt/system32/cmd.exe
493: /scripts/..%252f../winnt/system32/cmd.exe
493: /scripts/..%c1%9c../winnt/system32/cmd.exe

We received out first email with Nimda at 11.18 a.m. Here's the opening part of that message:

--====_ABC1234567890DEF_====
Content-Type: multipart/alternative;
	boundary="====_ABC0987654321DEF_===="
         
--====_ABC0987654321DEF_====
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
         
         
<HTML><HEAD></HEAD><BODY bgColor=3D#ffffff>
<iframe src=3Dcid:EA4DMGBP9p height=3D0 width=3D0>
</iframe></BODY></HTML>
--====_ABC0987654321DEF_====--
         
--====_ABC1234567890DEF_====
Content-Type: audio/x-wav;
	name="readme.exe"
Content-Transfer-Encoding: base64
Content-ID: <EA4DMGBP9p>

If you're setting up a filter, have it look for name="readme.exe" as a good place to start in separating Nimda from other incoming email.

The Nimda worm seeks out Windows servers running IIS. As the log indicates, Nimda is looking for cmd.exe and/or root.exe.

Links

<back to virus page>

Channels
 Power Macs
 iMac Channel
 iBook/PowerBook
 MacInSchool
Computer Profiles
 iMac
 Power Mac
 PowerBook/iBook
 Performas
 Mac Clones
 Older Macs
 LisaNeXT
Editorial Archive
Mac Daniel's Advice
Email Lists
LEMchat (uses AIM)
Online Tech Journal
Consumer
 advice, reviews
 guides, deals
Software
Apple History
Best of the Web
 Best of the Mac Web surveys
Miscellaneous Links
 Best Used Mac Buys
 Used Mac Dealers
 Video Cards
 Mac OS X
 Mac Linux
 Macspeak
 RAM Upgrades
About Low End Mac
Site Contacts

Open Link

Support LEM

Affiliates

The Apple Store
.mac
iTunes Store
Club Mac
MacMall
MacResQ
ExperCom
eBay
Amazon.com
PayPal
PCMall
PC Zone
Crucial Memory

Our advertising is handled by BackBeat Media. For detailed price quotes and advertising information, please contactat BackBeat Media (646-546-5194). This number is for advertising only.

Entire Low End Mac website copyright ©1997-2008 by Cobweb Publishing, Inc., unless otherwise noted. All rights reserved. Advice presented in good faith, but what works for one may not work for all. Please report errors to .
  LINKS: We allow and encourage links to any public page as long as the linked page does not appear within a frame that prevents bookmarking it.
  Access our RSS news feed at http://lowendmac.com/feed.xml.
  Email may be published at our discretion; email addresses will not be published without permission, and we will encrypt them in hopes of avoiding spammers. If you prefer your message not be published, mark it "not for publication." Letters may be edited for length, context, and to match house style.
  PRIVACY: We don't collect personal information unless you explicitly provide it. For more details, see our Terms of Use.
  Low End Mac is an independent publication and has not been authorized, sponsored, or otherwise approved by Apple Inc. Apple, the Apple logo, Macintosh, iBook, iMac, eMac, iPod, PowerBook, MacBook, Mac Pro, Apple TV, and AirPort are registered trademarks of Apple Inc. Additional company and product names may be trademarks or registered trademarks and are hereby acknowledged.