Following a week where hundreds of thousands of computers
worldwide were affected by the Blaster worm, Sophos, a
global leader in anti-virus protection for businesses, is warning
against the new Nachi worm (W32/Nachia-A,
also known as Welchia or Welchi). In a bizarre twist, the Nachi
worm attempts to remove the Blaster worm as well as patch
vulnerable Microsoft computers against a critical security hole to
prevent reinfection.
Taking advantage of the same critical security hole in Microsoft
Windows which was exploited by the Blaster worm, Nachi searches for
unpatched computers. Once located, it infects the computer without
asking the user's permission and hunts for traces of the Blaster
worm. If Blaster is found, the Nachi worm attempts to remove the
infection and download patches to fix the Microsoft
vulnerability.
"The writer of the Nachi worm may want to be seen as the Dirty
Harry of the internet world, cleaning up malicious Blaster code
wherever it is found," said Graham Cluley, senior technology
consultant at Sophos. "But no virus is a good virus. Infecting
systems in order to disinfect and patch computers isn't a
responsible way to deal with the problem as the worm could easily
get out of control or cause unexpected conflicts. It is vital that
computer users patch the holes in Microsoft software and ensure
their anti-virus has the latest protection."
The author of Nachi suggests that he is a family man - contained
inside the worm's code is the text "I love my wife & baby
:)".
The Microsoft security patch to protect against the
vulnerability exploited by the Nachi and Blaster worms can be
downloaded from www.microsoft.com/technet/security/bulletin/MS03-026.asp
Home users of Microsoft Windows can visit http://windowsupdate.microsoft.com and get
their system scanned for Microsoft security vulnerabilities.
More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs - a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.