Virus Advisory: W32/Nachi.worm

Reply Subscribe

Thread Tools

Search this Thread

18 August 2003, 05:05 PM

JackClark

Scooby Senior

Thread Starter

Join Date: Dec 2000

Location: Overdosed on LCD

Posts: 20,852

Likes: 33

Received 51 Likes on 34 Posts

Another high volume threat exploiting the MS03-026 vulnerability.
Info here
This one is detected by the daily dats available here

Reply Like

18 August 2003, 05:13 PM

Figment

Scooby Regular

Join Date: Jul 2001

Location: deep inside your imagination

Posts: 24,057

Likes: 0

Received 0 Likes on 0 Posts

Correct URL here

Am I correct in assuming that anyone who has already patched against msblaster should be safe(ish)?

Reply Like

18 August 2003, 05:45 PM

JackClark

Scooby Senior

Thread Starter

Join Date: Dec 2000

Location: Overdosed on LCD

Posts: 20,852

Likes: 33

Received 51 Likes on 34 Posts

Thanks for the link.

You're correct, everyone should be safe'ish.

Reply Like

18 August 2003, 05:52 PM

Figment

Scooby Regular

Join Date: Jul 2001

Location: deep inside your imagination

Posts: 24,057

Likes: 0

Received 0 Likes on 0 Posts

NP, and cheers

Reply Like

18 August 2003, 06:06 PM

beemerboy

Scooby Regular

Join Date: Sep 2002

Location: Essexville

Posts: 4,391

Likes: 0

Received 0 Likes on 0 Posts

thanks for the headsup, Jack

BB

Reply Like

18 August 2003, 10:06 PM

carl

Scooby Regular

Join Date: May 1999

Posts: 7,901

Likes: 0

Received 0 Likes on 0 Posts

TBH I'm astounded that anyone was caught by MSBlast. There must be people connected to the net without any sort of hardware or software firewall, and no AV software

Reply Like

18 August 2003, 11:02 PM

stu200

Scooby Regular

iTrader: (1)

Join Date: Apr 2001

Posts: 531

Likes: 0

Received 0 Likes on 0 Posts

carl,

There's millions of them ... unfortunately

Reply Like

Trending Topics

Tried to Cancel Membership month ago.

3

40
What is it with this forum and abuse?

146

5.1k
Cars doors locking then unlocking immediately with remote

1

86
Part/part number

4

206

18 August 2003, 11:58 PM

beemerboy

Scooby Regular

Join Date: Sep 2002

Location: Essexville

Posts: 4,391

Likes: 0

Received 0 Likes on 0 Posts

Quote:

no AV software

irrelevant at the time...

Reply Like

19 August 2003, 12:08 AM

JackClark

Scooby Senior

Thread Starter

Join Date: Dec 2000

Location: Overdosed on LCD

Posts: 20,852

Likes: 33

Received 51 Likes on 34 Posts

Antivirus software is very relevant, we detected this threat on the 07/29/2003. Info

Reply Like

19 August 2003, 02:35 PM

#10

JackClark

Scooby Senior

Thread Starter

Join Date: Dec 2000

Location: Overdosed on LCD

Posts: 20,852

Likes: 33

Received 51 Likes on 34 Posts

Update: the virus also attempts to exploit an NTDLL.DLL vulnerability (MS03-007) via WebDav.

Time to get patching again.

Reply Like

19 August 2003, 03:15 PM

#11

SJ_Skyline

Scooby Senior

Join Date: Apr 2002

Location: Limbo

Posts: 21,922

Likes: 0

Received 1 Like on 1 Post

"The writer of the Nachi worm may want to be seen as the Dirty Harry of the internet world, cleaning up malicious Blaster code wherever it is found,"

said Graham Cluley, senior technology consultant at Sophos

PMSL

Reply Like

19 August 2003, 03:22 PM

#12

JackClark

Scooby Senior

Thread Starter

Join Date: Dec 2000

Location: Overdosed on LCD

Posts: 20,852

Likes: 33

Received 51 Likes on 34 Posts

Graham is such a funny man

Reply Like

20 August 2003, 12:07 AM

#13

fast bloke

Scooby Regular

Join Date: Nov 2000

Posts: 26,619

Likes: 0

Received 0 Likes on 0 Posts

Jack - Can you actually confirm that the Nachi payload attempts to clean up remnants of blaster code?

If so, does anyone else find this a bit freaky - sort of like biological warfare without the rotting flesh?