W32/Nachi.A - Europe's leading import and export portal and business directory - b2b marketplace
Keywords Webhosting Webdesign Travel Work at home USA Finance Jobs Ecommerce

Bizeurope
Full membership
Add your url
Advertising
Companies
Buyleads
Company profiles
Export contacts
Export offers
Importers
Post export offer
Post import lead

Web promotion
Keyword links
Aviation
Business
Casinos
Companies
Computer
Consultants
Countries
Day trading
Debt
Divx movies
Downloads
Education
Ecommerce
Entertainment
Finance
Fonts
Games
Health
Insurance
Jobs
Kids
Mortgage
Motherboards
Outplacement
Processors
Real estate
Security
Servers
Suppliers
Shopping
Sports
Telecom
Translators
Travel
Webdesign
Webhosting
Webmaster
Work at home
More topics.....
Business portals
Asiadatabase
Asiaprofile
BizEurope
BizGermany
BizHolland
BizUnitedKingdom
Businesskeywords
EUmanufacturer
Export Database
Export Linker
Export Mailing
Export Offers
Hardwarelinker
Image Supplier
Import Contacts
Import Database
Import Europe
Import Germany
Import UK
Importer USA
Import Leads
Infomailing
Keywordlinker
Productlinker
Telecomlinker
Trading dbase
Travellinker
Turbolinker
UGA media
USAlinker
USAmanufacturer
Visit2Europe
Webdesign
Webhostinglinker
 

W32/Nachi.A

Panda Software reports the appearance of a new worm called W32/Nachi.A

08/19/2003. This worm exploits the vulnerability recently discovered in several
versions of the Microsoft Windows operating system

Panda Software’s Virus Laboratory has reported the appearance of a new worm
called W32/Nachi.A. This malicious code is programmed to exploit the RPC DCOM
vulnerability that affects some versions of the Windows operating system in order to spread to as many computers as possible. Nachi.A does not spread via e-mail but attacks remote machines via TCP/IP and tries to cause a buffer overflow in them. After doing this, the attacked computer is forced to download a copy of the worm, which is done through a TFTP (Trivial File Transfer Protocol) server incorporated in this worm.

This worm, which originated in China, can also use another exploit known as WebDav. Information about this exploit and the patch to fix it are available at the following address: http://www.microsoft.com/technet/treeview/default.asp?
url=/technet/security/bulletin/ms03-007.asp


The worm is programmed to delete itself from the affected computer in 2004. Another interesting characteristic of Nachi.A is that it can uninstall the Blaster worm. In order to do this, it destroys the process and deletes the files belonging to this worm. However, not only does it remove this worm but it also installs the Microsoft patch that fixes the vulnerability it exploits on affected computers.

Panda Software advises network administrators, IT managers and home users to immediately install the patches released by Microsoft to fix the RPC DCOM vulnerability.

These are available at http://www.microsoft.com/security/security_bulletins/ms03-026.asp where you can also find detailed information about this flaw.

In order to avoid falling victim to attack, Panda Software advises users to update their antivirus solutions immediately. The multinational antivirus manufacturer has already released the updates, which ensure their antivirus solutions detect Nachi.A.

Users can also detect this and other malicious code using the free, online antivirus, Panda ActiveScan, which is available on the company’s website at http://www.pandasoftware.com

 

 


Visitors:

Members:

Click here for information