| VIRUS ALERT
Virus Name:
W32/Nachi.worm
We would like to make all our users aware of a new worn doing the rounds.
This is another virus that exploits the MS03-026
vulnerability. In addition to exploiting this RPC DCOM vulnerability, the virus also attempts to exploit an NTDLL.DLL vulnerability (MS03-007
) via WebDav.
It is not related to the W32/Lovsan.worm.d variant described here
.
This worm spreads by exploiting a hole in Microsoft Windows. It instructs a remote target system to download and execute the worm from the infected host. Once running, the worm terminates and deletes the W32/Lovsan.worm.a process and applies the Microsoft patch to prevent other threats from infecting the system through the same hole. When the system clock reaches Jan 1, 2004, the worm will delete itself upon execution.
Our email virus scanner has been updated to protect against this threat.
Stinger
is a stand alone remover. You may download your copy by going to the following URL: http://vil.nai.com/vil/stinger
Reference:
http://vil.nai.com/vil/content/v_100559.htm
| 