All the latest UK technology news, reviews and analysis
|
|
|
12 Feb 2004
A new variant of the Nachi worm is patching PCs that are vulnerable to MyDoom.A.
Nachi B, also known as Welchi, copies itself onto systems using the same flaw as MyDoom.A, as a file named 'Svchost.exe'.
Further reading
It then attempts to delete MyDoom and downloads patches to fix the security hole.
Carole Theriault, security consultant at Sophos, said: "It's an interesting case - some kind of Robin Hood virus.
"We're seeing some spreading but it's not going too fast. We're hoping everyone with MyDoom would have stripped it out by now. If IT managers haven't updated by now they are way behind the curve."
Viruses to deal with viruses are nothing new. In the mid 1990s a boot sector virus called Chinese Fish attempted something similar by removing a virus called Stoned.
Nachi's first incarnation emerged last year as an attempt to patch the security hole exploited by the Blaster worm.
David Emm, product marketing manager at McAfee Security, explained that such code is a bad idea.
"I see code like this as a little bit of a blind; a ruse to calm people's fears," he said.
"Nachi A did not do a particularly good job at patching systems and this one doesn't look much better. At the end of the day it's still self-replicating code and that's a bad medium."
Infection rates are low so far, but an antivirus signature is under development.
Latest stories from Security
Related articles
Related jobs
Poll
What is the most important IT priority for your company this year?
Hands on with the highly anticipated Android 4.0 Ice Cream Sandwich hybrid tablet
Connect with V3.co.uk
This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes
Why good data management at all levels is essential in the modern business (video, 6mins)
Leading Financial Trading Systems Brokerage / Capital...
Technical Consultant - Windows, Virtualisation, HP, Server...
The role requires an experienced Project Manager, particularly...
iPhone and iPad developer required! We are seeking...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?
Home page obstruction
I try to get msn homepage, but I'm blocked by a page with "warnings" that my usage of internet is being reported to police, newspapers. and what all. I can't eliminate the page which wants me to buy software to protect me. z How can I delete this page?
Posted by: Anthony Galligani 19 Aug 2005