WIN32/NIMDA.E

A new computer infiltration hit the streets today. It appears, the new infiltration is yet another variant of the NIMDA worm.

Based on the worm resemblance to its predecessors, the new worm is named Nimda.E. Unlike its older variants (Nimda B, C, D) differing by various levels of compression, the new variant is not compressed and its body is changed. The body of the worm contains the following text:

Concept Virus(CV) V.6, Copyright(C)2001, (This's CV, No Nimda.)

The aforementioned text seems to reveal its author's dissatisfaction with the fact, that the antivirus developer named his "product" differently than himself. However, the term 'Concept ' has long been used to denote the first macro virus.

The infected mail attachment is named sample.exe. The new files created by the worm are different from those, created by the old variants as well: (e.g. httpodbc.dll in place of admin.dll)

NOD32 version 1.120 detects the worm. Cleaning is available for all using version 1.121. The patch removing the security hole in Internet Explorer (making the attack possible) can be downloaded from: http://www.microsoft.com/windows/ie/downloads/critical/q290108/default.asp