
Test ID:1.3.6.1.4.1.25623.1.0.10767
Category:Malware
Title:Tests for Nimda Worm infected HTML files
Summary:Your server appears to have been compromised by the Nimda mass mailing worm. It uses various known IIS vulnerabilities to compromise the server.
Description:
Summary:
Your server appears to have been compromised by the
Nimda mass mailing worm. It uses various known IIS vulnerabilities to compromise the
server.

Vulnerability Insight:
Anyone visiting compromised Web servers will be prompted to
download an .eml (Outlook Express) email file, which contains the worm as an attachment.

Also, the worm will create open network shares on the infected
computer, allowing access to the system. During this process
the worm creates the guest account with Administrator privileges.

Note: this worm has already infected more than 500.000 computers
worldwide since its release in late 2001.

Solution:
Take this server offline immediately, rebuild it, and
apply ALL vendor patches and security updates before reconnecting the server to the internet,
as well as the security settings discussed in the
Additional Information section of Microsoft's web site linked in the references.

Check ALL of your local Microsoft based workstations for infection.

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2001-0545
Computer Incident Advisory Center Bulletin: L-132
http://www.ciac.org/ciac/bulletins/l-132.shtml
Microsoft Security Bulletin: MS01-044
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-044
http://www.osvdb.org/5736
XForce ISS Database: iis-url-redirection-dos(6981)
https://exchange.xforce.ibmcloud.com/vulnerabilities/6981
Common Vulnerability Exposure (CVE) ID: CVE-2001-0508
BugTraq ID: 2690
http://www.securityfocus.com/bid/2690
Bugtraq: 20010506 IIS 5.0 PROPFIND DOS #2 (Google Search)
http://online.securityfocus.com/archive/1/182579
http://www.osvdb.org/5606
http://www.osvdb.org/5633
http://www.iss.net/security_center/static/6982.php
Common Vulnerability Exposure (CVE) ID: CVE-2001-0544
BugTraq ID: 3195
http://www.securityfocus.com/bid/3195
XForce ISS Database: iis-invalid-mime-header-dos(6983)
https://exchange.xforce.ibmcloud.com/vulnerabilities/6983
Common Vulnerability Exposure (CVE) ID: CVE-2001-0506
BugTraq ID: 3190
http://www.securityfocus.com/bid/3190
Bugtraq: 20010817 NSFOCUS SA2001-06 : Microsoft IIS ssinc.dll Buffer Overflow Vulnerability (Google Search)
http://marc.info/?l=bugtraq&m=99802093532233&w=2
Bugtraq: 20011127 IIS Server Side Include Buffer overflow exploit code (Google Search)
http://online.securityfocus.com/archive/1/242541
XForce ISS Database: iis-ssi-directive-bo(6984)
https://exchange.xforce.ibmcloud.com/vulnerabilities/6984
Common Vulnerability Exposure (CVE) ID: CVE-2001-0507
Bugtraq: 20010816 ENTERCEPT SECURITY ALERT: Privilege Escalation Vulnerability in Microsoft IIS (Google Search)
http://online.securityfocus.com/archive/1/205069
http://www.osvdb.org/5607
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A909
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A912
XForce ISS Database: iis-relative-path-privilege-elevation(6985)
https://exchange.xforce.ibmcloud.com/vulnerabilities/6985
Copyright:Copyright (C) 2001 Matt Moore





© 1998-2025 E-Soft Inc. All rights reserved.