W32/Nachi.A
Panda Software reports the appearance of a new worm called W32/Nachi.A
08/19/2003. This worm exploits the vulnerability recently discovered in several versions of the Microsoft Windows operating system.
Panda Software's Virus Laboratory has reported the appearance of a new worm called W32/Nachi.A. This malicious code is programmed to exploit the RPC DCOM vulnerability that affects some versions of the Windows operating system in order to spread to as many computers as possible. Nachi.A does not spread via e-mail but attacks remote machines via TCP/IP and tries to cause a buffer overflow in them. After doing this, the attacked computer is forced to download a copy of the worm, which is done through a TFTP (Trivial File Transfer Protocol) server incorporated in this worm.
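
A defender's view of the infection chain described above, as an added example that is not part of the original advisory: it correlates flow records to find a host that received an RPC connection and then made a TFTP request back to the same peer. The log format, the function names, the 5-minute window and the port numbers (the standard assignments 135/TCP for RPC and 69/UDP for TFTP, which the advisory does not state) are assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample flow records (not from the advisory): time src dst proto dst_port
SAMPLE_FLOWS = """\
2003-08-19T10:00:01 10.0.0.7 10.0.0.21 tcp 135
2003-08-19T10:00:04 10.0.0.21 10.0.0.7 udp 69
2003-08-19T10:02:00 10.0.0.9 10.0.0.30 tcp 135
2003-08-19T10:20:00 10.0.0.30 10.0.0.9 udp 69
2003-08-19T10:05:00 10.0.0.40 10.0.0.50 udp 69
2003-08-19T10:06:00 10.0.0.7 10.0.0.22 tcp 135
"""

RPC = ("tcp", 135)              # assumption: standard RPC endpoint mapper port
TFTP = ("udp", 69)              # assumption: standard TFTP port
WINDOW = timedelta(minutes=5)   # assumption: correlation window


def parse_flows(text):
    """Yield (time, src, dst, proto, port) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        try:
            yield (datetime.fromisoformat(parts[0]), parts[1], parts[2],
                   parts[3].lower(), int(parts[4]))
        except ValueError:
            continue


def find_rpc_then_tftp(text, window=WINDOW):
    """Return (victim, source, rpc_time, tftp_time) for each RPC-then-TFTP pair."""
    rpc_seen = {}  # (source, victim) -> time of the latest inbound RPC connection
    hits = []
    for ts, src, dst, proto, port in sorted(parse_flows(text)):
        if (proto, port) == RPC:
            rpc_seen[(src, dst)] = ts
        elif (proto, port) == TFTP:
            rpc_time = rpc_seen.get((dst, src))  # same pair, direction reversed
            if rpc_time is not None and ts - rpc_time <= window:
                hits.append((src, dst, rpc_time, ts))
    return hits


if __name__ == "__main__":
    for victim, source, rpc_time, tftp_time in find_rpc_then_tftp(SAMPLE_FLOWS):
        print(f"{victim}: RPC from {source} at {rpc_time}, TFTP back at {tftp_time}")
```

A TFTP request with no preceding RPC connection, or one that arrives outside the window, is not reported, so the window should be tuned to the log source's timestamp resolution.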
This worm, which originated in China, can also use another exploit known as WebDAV. Information about this exploit and the patch to fix it are available at the following address: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms03-007.asp
The worm is programmed to delete itself from the affected computer in 2004. Another interesting characteristic of Nachi.A is that it can uninstall the Blaster worm. In order to do this, it terminates the Blaster process and deletes the files belonging to that worm. However, not only does it remove Blaster, but it also installs the Microsoft patch that fixes the vulnerability it exploits on affected computers.
Panda Software advises network administrators, IT managers and home users to immediately install the patches released by Microsoft to fix the RPC DCOM vulnerability. These are available at http://www.microsoft.com/security/security_bulletins/ms03-026.asp where you can also find detailed information about this flaw.
In order to avoid falling victim to an attack, Panda Software advises users to update their antivirus solutions immediately. The multinational antivirus manufacturer has already released the updates, which ensure their antivirus solutions detect Nachi.A.
Users can also detect this and other malicious code using the free, online antivirus, Panda ActiveScan, which is available on the company's website at http://www.pandasoftware.com