Following a week where hundreds of thousands of computers worldwide were affected by the Blaster worm, Sophos, a global leader in anti-virus protection for businesses, is warning against the new Nachi worm (W32/Nachia-A, also known as Welchia or Welchi.
In a bizarre twist, the Nachi worm attempts to remove the Blaster worm as well as patch vulnerable Microsoft computers against a critical security hole to prevent re-infection.
Taking advantage of the same critical security hole in Microsoft Windows which was exploited by the Blaster worm, Nachi searches for unpatched computers. Once located, it infects the computer without asking the user`s permission and hunts for traces of the Blaster worm. If Blaster is found, the Nachi worm attempts to remove the infection and download patches to fix the Microsoft vulnerability.
"The writer of the Nachi worm may want to be seen as the Dirty Harry of the Internet world, cleaning up malicious Blaster code wherever it is found," said Cornel Swart, national sales manager for local Sophos distributor, NetXactics.
"But no virus is a good virus. Infecting systems in order to disinfect and patch computers isn`t a responsible way to deal with the problem as the worm could easily get out of control or cause unexpected conflicts. It is vital that computer users patch the holes in Microsoft software and ensure their anti-virus has the latest protection." The author of Nachi suggests that he is a family man - contained inside the worm`s code is the text "I love my wife & baby :)".
Details of the Nachi worm can be found at http://www.sophos.com/virusinfo/analyses/w32nachia.html
The Microsoft security patch can be downloaded from http://www.microsoft.com/technet/security/bulletin/MS03-026.asp
Home users of Microsoft Windows can visit http://windowsupdate.microsoft.com and get their system scanned for all Microsoft security vulnerabilities.
Share