Fast-spreading new email virus can run without user intervention
Mail essentials can block this new virus at server level
London, UK, 18 September 2001 - GFI, leading developer of email content checking & anti-virus software, warns of the new Nimda mass-mailing worm. GFI Security Labs have discovered that this virus, which replicates fast, has the alarming ability to run without user intervention. It can be blocked at server level by Mail essentials for Exchange/SMTP, GFI's email content checking and anti-virus solution.
The Nimda worm is spreading rapidly by email and is transmitted as an attachment in the form of an executable file called readme.exe. (For a full description of the Nimda worm, please see http://www.gfi.com/news/press.asp?release=nimdaworm). It is activated in one of two ways: either by opening the attachment, or automatically. GFI Security Labs has discovered that Nimda can run without user intervention using an exploit in Microsoft Outlook discovered by Juan Carlos Cuartango and posted in a Microsoft Security Bulletin (MS01-020) on 29 March 2001 (see http://www.securityfocus.com/bid/2524). However, should this exploit fail, recipients can still be fooled into activating this virus, as it pops up a dialog window inviting the user to run it.
Once triggered, the Nimda worm sends itself out to all contacts in the recipient's email address book. The Subject of the email carrying the Nimda worm is random, whereas the email itself carries no message text. Because of its highly replicative nature, Nimda could clog mail servers.
Nimda is disseminated in more ways than one: It also seeks and infects IIS servers, as did the recent BlueCode worm. In this case, it defaces the victim's web site. Worse still, ongoing research on the Nimda worm by GFI Security Labs points to the likelihood that any user vulnerable to this exploit who happens to access an infected site may become infected simply by visiting the defaced site.
"The Nimda virus has taken email threats one step further in its use of complex replication mechanisms and the fact that it is transmitted in a multitude of ways. It appears to be a concept virus and it has worked successfully, which suggests that Nimda variants and other similar email viruses are on their way and could possibly make use of new exploits. Email security at server level is an absolute must to block this new threat," advised David Vella, Product Manager, GFI.
"With Mail essentials, blocking this virus is easy: In the Mail essentials configuration, just add an Attachment Checking Rule to block executable attachments. This will block any incoming/outgoing infected mail, by quarantining any attachments which are .exe files."
About Mail essentials
Mail essentials for Exchange/SMTP is an email content checking and anti-virus solution that removes all types of email-borne threats before they can affect an organization's email users. Spam, viruses, dangerous attachments and offensive content can be removed before the email users can receive them. More information can be found at http://www.gfi.com/me/index.html. The full version of Mail essentials is available from $350.
About GFI
GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. With award-winning technology, an aggressive pricing strategy and a strong focus on small and medium-sized businesses, GFI is able to meet organizations' need for business continuity and productivity on a global scale. Founded in 1992, GFI has offices in Malta, London, Raleigh, Hong Kong and Adelaide that support more than 200,000 installations worldwide. GFI is a channel-focused company with more than 10,000 partners worldwide. GFI is also a Microsoft Gold Certified Partner. More information about GFI can be found at http://www.gfihispana.com.
All product and company names included may be trademarks of their respective owners.