Computer Associates Africa has warned that a new variant of the Nachi worm (also known as Welchia), Win32.Nachi.B, is currently spreading through company networks.
Although it appears to be spreading - through the DCOM RPC exploit - at a relatively low pace, this so-called "good" worm poses the same risks as its predecessor.
Nachi.A last year paralysed many corporate networks in its attempts to patch the Windows security hole that the malicious Win32.Poza (Blaster or Lovsan) worm exploited to access systems.
Again, Nachi.B seeks to undo the effects of previous worm infections, which include components related to Nachi.A, Mydoom.A and Mydoom.B.
It attempts to download a number of Microsoft Windows patches in an effort to "plug holes" in the operating system (OS) and remove the risk of further worm attacks.
This is where many would mistakenly consider Nachi.B a "good worm". However, it does not seek a user's permission to 1) invade the computer, 2) download software, 3) attempt to reboot and 4) spread to other computers, and is by definition malware.
CA's Virus Information Centre advises that in order to avoid Nachi.B infection it is vital that users patch their machines. Systems running Windows XP, 2000 and NT are vulnerable. Go to http://www.microsoft.com/technet/security/bulletin/MS03-026.asp to download the relevant patch.