Patching, updating keep Nachi at bay

Article

Patching, updating keep Nachi at bay

Edward Hurley, SearchSecurity.com News Writer

Companies can take a few steps to prevent getting infected from the Nachi worm. Protecting against Nachi will also help prevent getting hit with Lovsan and other worms that exploit the RPC-DCOM vulnerability. These tips highlight ways to keep Nachi out.

Patch, patch, patch: The best way to prevent getting hit by the Nachi worm is patching the flaw it exploits. By installing the RPC-DCOM patch from Microsoft, one also protects against the Lovsan worm and all its variants. Doing such would also prevent infection from future worms that target the vulnerability. Also, one should install the patch for the Windows WebDav as there have been reports that the worm tries to exploit that as well. That flaw is found in Windows 2000, Windows XP and Windows NT 4.0.

Update, update, update: Updating antivirus signature files is another way to prevent infection from the Nachi worm. But it only helps address that specific worm, not others such as Lovsan that also target the RPC-DCOM vulnerability. Care should be taken to ensure remote offices and telecommuters (who don't get e-mail through a VPN connection) have the pattern file for Nachi.

Block port 135:Nachi spreads by scanning port 135 for systems with the RPC vulnerability. Blocking the port would help prevent infection but some business may need it open for applications to work properly.

Install desktop personal firewalls: Virtually all businesses of any size

    Requires Free Membership to View

    Login

    SearchSecurity.com members gain immediate and unlimited access to breaking industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.com today!

    Michael S. Mimoso, Editorial Director

    By submitting your registration information to SearchSecurity.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchSecurity.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

have gateway firewalls but personal firewalls aren't so pervasive. They offer a wide range of protection, including the ability to stop Nachi and Lovsan from infecting vulnerable systems.

Secure network file shares: Nachi can spread within a network using Windows network shares. Companies need to make sure access to network shares is controlled and well-documented.

FOR MORE INFORMATION:

Virus Alert -- Sobig-F and Nachi

SearchSecurity.com news exclusive: "Simple steps stem Sobig-F's progress"

SearchSecurity.com news exclusive: "Emergence of Sobig-F adds to malware mess"

SearchSecurity.com news exclusive: "Benevolent Nachi worm doing more harm than good"

SearchSecurity.com Ask the Experts

FEEDBACK: How do you prioritize your patching processes?
Send your feedback to the SearchSecurity.com news team.