Companies can take a few steps to prevent getting infected from the Nachi worm. Protecting against Nachi will also help prevent getting hit with Lovsan and other worms that exploit the RPC-DCOM vulnerability. These tips highlight ways to keep Nachi out.
Patch, patch, patch: The best way to prevent getting hit by the Nachi worm is patching the flaw it exploits. By installing the RPC-DCOM patch from Microsoft, one also protects against the Lovsan worm and all its variants. Doing such would also prevent infection from future worms that target the vulnerability. Also, one should install the patch for the Windows WebDav as there have been reports that the worm tries to exploit that as well. That flaw is found in Windows 2000, Windows XP and Windows NT 4.0.
Update, update, update: Updating antivirus signature files is another way to prevent infection from the Nachi worm. But it only helps address that specific worm, not others such as Lovsan that also target the RPC-DCOM vulnerability. Care should be taken to ensure remote offices and telecommuters (who don't get e-mail through a VPN connection) have the pattern file for Nachi.
Block port 135:Nachi spreads by scanning port 135 for systems with the RPC vulnerability. Blocking the port would help prevent infection but some business may need it open for applications to work properly.
Install desktop personal firewalls: Virtually all businesses of any size have gateway firewalls but personal firewalls aren't so pervasive. They offer a wide range of protection, including the ability to stop Nachi and Lovsan from infecting vulnerable systems.
Secure network file shares: Nachi can spread within a network using Windows network shares. Companies need to make sure access to network shares is controlled and well-documented.
FOR MORE INFORMATION:
FEEDBACK: How do you prioritize your patching processes?
Send your feedback to the SearchSecurity.com news team.