kinda like pepsi twist, though i despise pepsi products.
UnderAttack writes "This morning, the SANS Internet Storm Center posted a note about an increase in ICMP traffic, including a quick initial analysis. As it turns out, yet another worm, this time the W32/Nachi.worm, is going around taking advantage of the RPC DCOM vulnerability. The twist this time: the worm will actually clean up machines. It tries to download the correct patches from Windows Update and remove the Blaster worm."
some more info for you:
Intentions of the worm
This worm tries spreads by exploiting a hole in Microsoft Windows. It instructs a remote target system to download and execute the worm from the infected host. Once running, the worm terminates and deletes the W32/Lovsan.worm.a process and applies the Microsoft patch to prevent other threats from infecting the system through the same hole. When the system clock reaches Jan 1, 2004, the worm will delete itself upon execution.
Downloading of Patches
The worm carries links to various patches for the MS03-026 vulnerability:
http://download.microsoft.com/downlo...80-x86-KOR.exe
http://download.microsoft.com/downlo...80-x86-CHT.exe
http://download.microsoft.com/downlo...80-x86-CHS.exe
http://download.microsoft.com/downlo...80-x86-ENU.exe
http://download.microsoft.com/downlo...80-x86-KOR.exe
http://download.microsoft.com/downlo...80-x86-CHT.exe
http://download.microsoft.com/downlo...80-x86-CHS.exe
http://download.microsoft.com/downlo...80-x86-ENU.exe
The worm attempts to download and install one of these patches on the victim machine.
Removal of W32/Lovsan.worm.a
The worm also looks for and removes W32/Lovsan.worm.a from an infected system. It achieves this by targeting MSBLAST.EXE. (The process is terminated if running on the victim machine.) NB: The Registry hook employed by MSBLAST.EXE is not removed by the worm.
Self removal
When the system clock reaches Jan 1, 2004, the worm will delete itself upon execution.
Virus warning, almost like the virus itself is not good. Recently, we got an email from a manager, he got a virus on his computer, and installed a bad dll files, it is sent to his address book that everyone and his blind forward the message to everyone, he knew asking them to delete the file. We check the DLL file is legitimate, and e-mail itself is a scam. Some people just dumb, they will put forward whatever they received. Receive a virus warning, I am very tired. They usually just junk mail, most people have never recognized the problem, they push before sending.
[url=http://smallbusiness.norton.com?om_ext_cid=soho_ext_blurbpoint_forum]Norton business[/url]
Bookmarks