Registered Company No: 5363256
Links:
 |
|
|
|
|
|
|
| The Nimda Worm |
|
PC support #1: the Nimda "worm" (virus)
25th September 2001
C O N T E N T S
----- THE NIMDA WORM
1. What is it?
2. Have I got it? How do I get rid of it?
3. How do I protect myself?
----- ADDITIONAL INFORMATION
4. Why do I need to upgrade Internet Explorer? I only use e-mail - I don't browse the web!
5. How do I tell which version I have?
6. So how do I know if I need to upgrade?
----- CONTACT DETAILS
----------------------------------------------------------------------
----- THE NIMDA WORM -------------------------------------------------
----------------------------------------------------------------------
-- 1. What is it?
As some of you will know, there's a rather nasty "worm" called Nimda which has been spreading across the Internet recently. A worm is similar to a virus - the difference is somewhat technical and not worth covering here. It's not as damaging as some (though it _will_ mess your computer up if you catch it) but it is very infectious because it has many ways of spreading, including e-mail and web sites. You can (for example) catch it by looking at a perfectly legitimate web site that has been infected.
-- 2. Have I got it? How do I get rid of it?
The best way to find out if you have caught it is to use an UP TO DATE anti-virus program. However, there are some free programs which will find and eliminate it. One I have tried can be downloaded from this web page:
http://www.mcafeeb2b.com/naicommon/avert/avert-research-center/tools.asp#NimdaScn
(click on NIMDASCN.ZIP) or I can let you have a copy of it and instructions on how to use it. If you aren't confident about checking for yourself, please let me know and I'll come and do it for you.
-- 3. How do I protect myself?
There are two main things to do. Firstly, update your anti-virus program, assuming you have one, and scan your PC. I'll cover this in more detail in my next PC support bulletin.
Secondly, if you use Internet Explorer for web browsing, or use Outlook or Outlook Express for e-mail, you probably need to update Internet explorer (yes - even if you only use e-mail, and don't use the web!).
This will apply to most if not all of you - if in doubt, upgrade anyway. I can supply you with a CD with a suitable upgrade and instructions on how to install it if you wish to do this (it's quite easy), or I can
install it for you if you want. You _can_ download it from the web (see below) but it could take several hours!
----------------------------------------------------------------------
----- ADDITIONAL INFORMATION -----------------------------------------
----------------------------------------------------------------------
The essentials are covered above. This section is extra information for the more curious or technically minded of you.
-- 4. Why do I need to upgrade Internet Explorer? I only use e-mail - I don't browse the web!
There are two basic formats for e-mail - plain text (which is just what it sounds like) or "HTML" which can contain different fonts, colours, pictures etc. Which form you receive depends on how the sender chooses to send it. Note that you can't always tell just by looking - many HTML messages look like plain text.
Outlook and Outlook Express are probably the most popular e-mail programs, and are published by Microsoft, as is Internet Explorer. If you receive an HTML message, then these programs actually use Internet Explorer to display the message (this may also be true for some other e-mail programs). They do this because HTML is actually the language used to create web pages. Thus a vulnerability in Internet Explorer can affect you when you are reading an e-mail.
-- 5. How do I tell which version I have?
Not as easy as it seems! The major version number (probably 4, 5 or 5.5) is easy to tell, but the exact version is not particularly obvious. To get the version information, try this:
Start Internet Explorer. You don't have to bother to connect to the Internet - if the dial-up box appears, you can click "Work offline". Then click "Help" on the menu bar and choose "About Internet Explorer"
from the menu. A window will appear with various information in it. There may or may not be a large version number displayed (probably 4 or 5), but there will also be a version number in smaller writing:
something like "Version 5.50.4807.2300". This example indicates the major version number is 5.5. However, the exact version number is not obvious - for example, "Version 5.00.2919.6307" is actually version 5.01!
There should also be a line further down saying "Update Versions". This lists the version numbers of patches and "minor" upgrades that have been applied. So to get the complete version information about Internet Explorer you need both lines - and there are many possible combinations.
-- 6. So how do I know if I need to upgrade?
Well, this is not quite as difficult as the above might make you think. To be protected from Nimda you need either version 5 or above, and the Update Versions line must contain one of the following:
Q295106
Q299618
Q290108
SP2
The "Q" numbers are the codes for various patches that Microsoft have issued. SP2 stand for "Service Pack 2", which is a package of upgrades and patches all rolled together.
Whilst any of these will protect you from Nimda, I would recommend that for best security you should run version 5.5 Service Pack 2 (5.5.something in the main version number, and SP2 in the Update
Versions). You can download this from the Internet at
http://www.microsoft.com/windows/ie/downloads/recommended/ie55sp2/default.asp
but be warned, it could take several hours. Alternatively, I may be able to let you have a copy on CD, plus instructions on installing it, or I may be able to install it for you.
Any other questions, please let me know and I'll try to help.
----------------------------------------------------------------------
----- CONTACT DETAILS -----------------------------------------------
----------------------------------------------------------------------
Chris Livingstone
e-mail: mailto:chris-l@ntlworld.com
web site: http://www.pcparamedic.org.uk |
|
|
|
