As if last week's Blaster worm didn't cause enough damage, there are now reports of a worm that breaks into Windows-based computers to try to delete any trace of the Blaster worm infection, and then downloads the patch Microsoft developed to fix the vulnerability that Blaster exploits.
First spotted in Asia, the worm is being called Nachi, Welchia or MSBlast.B, according to at least three antivirus firms that have analyzed its code. Ian Hameroff, security strategist at Computer Associates, which has named the worm Nachi, said it can break into any Windows XP, 2000, NT or 2003 machine that hasn't been patched for the Remote Procedure Call (RPC) vulnerability identified last month. This is the same vulnerability exploited by the Blaster worm first seen last week, which infected hundreds of thousands, if not millions, of computers worldwide.
Blaster's main purpose was to launch a denial-of-service attack against Microsoft's Windows Update site via compromised machines. But that had very limited success since Microsoft disabled the windowsupdate.com URL that Blaster specifically targeted. This URL was a redirect link to the main Microsoft site windowsupdate.microsoft.com, which Microsoft protected.
Chris Thompson, vice president of marketing at Network Associates, noted that the Blaster worm couldn't start a DoS attack when it couldn't find the target URL, and would instead try to hit the IP address 255.255.255.255 five times afterward. But Windows machines aren't prepared to handle that request anyway, he added.
The Blaster worm failed to affect Microsoft substantially. However, many corporate networks have faced paralyzing congestion due to scanning caused by Blaster infections of unpatched machines.
Now, a new worm is on the loose to infect vulnerable machines in the same way Blaster does. But its purpose is thought to be to find Blaster code, eradicate it, and install the Microsoft patch. However, trying to install a patch without the network administrator’s oversight can "have repercussions," such as causing machines to fail, noted David Perry, Trend Micro's global director on education issues. It represents a break-in of a different sort that must be prevented through proper patching and other means, such as antivirus software.
The Nachi/Welchia/MSBlast worm does not seem to be moving fast, but security firms are keeping a close eye on evidence of its spread, since it could become a problem this week just as Blaster was last week.