AlanBarber.Org

Monday, August 18, 2003

New worm fixes security hole!

This is downright goofy, folks!

There's a new DCOM RPC worm making the rounds. Officially tagged as "W32.Welchia.Worm" by Symantec, "WORM_MSBLAST.D" by Trend, and "W32/Nachi.worm" by McAfee, it's pretty much the same as the other DCOM RPC worms, with one big difference: it's designed to fix the problem!

Get this, people. When the worm finds an open system, it infects that system and runs itself there. On the new system, the worm searches for the original MSBLAST worm and removes it if found. It then automatically downloads the Microsoft patch for the DCOM RPC hole, installs the patch, and reboots the machine. After that, it runs in the background searching out other open systems to spread to until January 1st, 2004. At that time it will delete itself.

There doesn't seem to be any trojan horse or payload, but as a virus/worm it should be considered dangerous. However, this has to be the first time in the history of computing that a virus/worm actually fixes the very hole it exploits.

The person that wrote this should get nominated for misguided humanitarian of the year or something.
Posted by AlanBarber on 08/18/2003 at 03:07 PM
Computers & Technology • (1) Comments

Couldn’t there be some smartass who would change the time to January 1, 2004? Wouldn’t the worm delete itself from the machine then on?

Posted by dave on 08/20/2003 at 10:19 PM

 
