The first variant of the Nachi/Welchia worm which caused so much trouble last summer has emerged on the internet, anti-virus software companies said yesterday, rating the worm “low risk”.
Nachi.B spreads to Windows computers still vulnerable to two vulnerabilities in the Remote Procedure Call, publicized last year. The Blaster worm exploited the same vulnerabilities, as did the original Nachi.
Network Associates Inc said the new variant tried to clean Blaster-infected machines, and to download patches from Microsoft that close the relevant vulnerabilities.
Nachi.B also carries an HTML document containing several dates important in Japanese military history, suggesting the worm could be of Asian origin.
The original Nachi was one of the most damaging worms ever. When it hit last August it notably caused Air Canada planes to be delayed, and is known to have hit two US military sites.
Yesterday as ComputerWire went to press, anti-virus firms were still analysing the worm, but appeared confident that it will not cause nearly as many problems as the first one.
This article is based on material originally published by ComputerWire