Press Releases

Browse our press release archive

19 Aug 2003

Nachi worm tries to undo Blaster damage - but no virus is a good virus, says Sophos

The Nachi worm contains a message which does not get displayed

Following a week where hundreds of thousands of computers worldwide were affected by the Blaster worm, Sophos, a global leader in anti-virus protection for businesses, is warning against the new Nachi worm (W32/Nachia-A, also known as Welchia or Welchi). In a bizarre twist, the Nachi worm attempts to remove the Blaster worm as well as patch vulnerable Microsoft computers against a critical security hole to prevent reinfection.

Taking advantage of the same critical security hole in Microsoft Windows which was exploited by the Blaster worm, Nachi searches for unpatched computers. Once located, it infects the computer without asking the user's permission and hunts for traces of the Blaster worm. If Blaster is found, the Nachi worm attempts to remove the infection and download patches to fix the Microsoft vulnerability.

"The writer of the Nachi worm may want to be seen as the Dirty Harry of the internet world, cleaning up malicious Blaster code wherever it is found," said Graham Cluley, senior technology consultant at Sophos. "But no virus is a good virus. Infecting systems in order to disinfect and patch computers isn't a responsible way to deal with the problem as the worm could easily get out of control or cause unexpected conflicts. It is vital that computer users patch the holes in Microsoft software and ensure their anti-virus has the latest protection."

The author of Nachi suggests that he is a family man - contained inside the worm's code is the text "I love my wife & baby :)".

The Microsoft security patch to protect against the vulnerability exploited by the Nachi and Blaster worms can be downloaded from www.microsoft.com/technet/security/bulletin/MS03-026.asp

Home users of Microsoft Windows can visit http://windowsupdate.microsoft.com and get their system scanned for Microsoft security vulnerabilities.

About Sophos

More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing complete security solutions that are simple to deploy, manage, and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, mobile and network security solutions backed by SophosLabs - a global network of threat intelligence centers.

Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.