'Robin Hood' virus on the loose

Thursday, 12 February 2004 20:32 EST

A new variant of the Nachi worm is patching PCs that are vulnerable to MyDoom.A. Nachi B, also known as Welchi, copies itself onto systems using the same flaw as MyDoom.A, as a file named 'Svchost.exe'. It then attempts to delete MyDoom and downloads patches to fix the security hole. Carole Theriault, security consultant at Sophos, said: "It's an interesting case - some kind of Robin Hood virus. "We're seeing some spreading but it's not going too fast. We're hoping everyone with MyDoom would have stripped it out by now. If IT managers haven't updated by now they are way behind the curve."

Viruses to deal with viruses are nothing new. In the mid 1990s a boot sector virus called Chinese Fish attempted something similar by removing a virus called Stoned.

Nachi's first incarnation emerged last year as an attempt to patch the security hole exploited by the Blaster worm.

Read Full Story

News

20 ways to Secure your Apache Configuration
Jun 16, 2006, 15:03 EST

Layered Encryption, an Absolute Necessity
Jun 16, 2006, 15:01 EST

Phishing scam uses PayPal secure servers
Jun 16, 2006, 13:32 EST

IPLocks Closes $11 Million in Strategic Funding
Jun 16, 2006, 08:34 EST

Doombot Worm Spreads Via Phishing Model Attack
Jun 16, 2006, 07:14 EST

Fusion Softphone Turns Computer into VoIP Telephone
Jun 16, 2006, 06:17 EST

Genuine Advantage is Microsoft spyware
Jun 16, 2006, 06:09 EST

Sponsors:
Prevent data theft & viruses through network connected USB sticks, PDAs & media players. Control user access to endpoint connections with GFI EndPointSecurity - Free trial!	Check your website security with a FREE website security audit by Acunetix. Audit your web applications for SQL injection, cross site scripting & more with Acunetix Web Vulnerability Scanner	Software security section is sponsored by GFI, a leading developer ofnetwork security, content security and messaging software - Free trial!


Copyright ? IT-Observer.com 2000 - 2006	Privacy Policy \| RSS Feeds