|
|
Rubrik: Virenwarnung/Aktuelle Meldungen Network
Associates: Virus Advisory - "Network Associates AVERT" Places
Nachi Threat as Medium Intrusion
Prevention Solutions Continue to Block Threats to Microsoft Windows
Vulnerability (27.08.03)
- Because the worm "W32/Nachi" spreads quietly, and does not arrive
as an e-mail attachment, users may not immediately realize that they have
been infected. Some users have reported large volumes of ICMP traffic in the
network, causing downtime or extreme cases of latency.
Anzeige
By
exploiting a vulnerability in Windows XP, NT and 2000, the worm is able to
execute without requiring any action on the part of the user. When run, it
instructs a remote target system to download and execute the worm from the
infected host. To ensure only
one instance of the worm on the victim machine, a mutex of Rpc_patch_mutex is
created and the worm installs itself within a WINS directory in the Windows
System directory. Once running, the worm terminates and deletes the
W32/Lovsan.worm but is not able apply the Microsoft patch to prevent other
threats from infecting the system through the same hole. When the system
clock reaches Jan. 1, 2004, the worm will delete itself upon execution. Immediate
information and cures for this virus can be found online at the Network
Associates AVERT site located at http://vil.nai.com/vil/content/v_100559.htm.
As with the recent Lovsan worm, many users of McAfee Security anti-virus
solutions were protected before Nachi began to spread. AVERT recommends that
users of McAfee Security anti-virus solutions update their systems from http://vil.nai.com/vil/content/v_100559.htm
and use the 4286 DATS and 4.1.60 or later scanning engine to detect, remove
and identify the threat as W32/Nachi.worm. McAfee
anti-virus solutions, updated with new DAT files released within hours of
Nachi's discovery, protect against Nachi. By scanning files as they are saved
to disk, McAfee anti-virus solutions can detect and eradicate this worm. (ma) Network
Associates Ansprechpartnerin:
Isabell Unseld Tel.
(089) 3707-1535, Fax (089) 3707-1199 E-Mail:
isabell_unseld@nai.com Web: www.nai.com |
