Patching, updating keep Nachi at bay

The Nachi worm attempts to delete the Lovsan/Blaster worm and patch the vulnerability in Windows systems it exploits. These tips can help keep you safe from Nachi and Lovsan.

Companies can take a few steps to prevent getting infected from the Nachi worm. Protecting against Nachi will also help prevent getting hit with Lovsan and other worms that exploit the RPC-DCOM vulnerability. These tips highlight ways to keep Nachi out.

Patch, patch, patch: The best way to prevent getting hit by the Nachi worm is patching the flaw it exploits. By installing the RPC-DCOM patch from Microsoft, one also protects against the Lovsan worm and all its variants. Doing such would also prevent infection from future worms that target the vulnerability. Also, one should install the patch for the Windows WebDav as there have been reports that the worm tries to exploit that as well. That flaw is found in Windows 2000, Windows XP and Windows NT 4.0.

Update, update, update: Updating antivirus signature files is another way to prevent infection from the Nachi worm. But it only helps address that specific worm, not others such as Lovsan that also target the RPC-DCOM vulnerability. Care should be taken to ensure remote offices and telecommuters (who don't get e-mail through a VPN connection) have the pattern file for Nachi.

Block port 135:Nachi spreads by scanning port 135 for systems with the RPC vulnerability. Blocking the port would help prevent infection but some business may need it open for applications to work properly.

Install desktop personal firewalls: Virtually all businesses of any size have gateway firewalls but personal firewalls aren't so pervasive. They offer a wide range of protection, including the ability to stop Nachi and Lovsan from infecting vulnerable systems.

Secure network file shares: Nachi can spread within a network using Windows network shares. Companies need to make sure access to network shares is controlled and well-documented.

FOR MORE INFORMATION:

Virus Alert -- Sobig-F and Nachi

SearchSecurity.com news exclusive: "Simple steps stem Sobig-F's progress"

SearchSecurity.com news exclusive: "Emergence of Sobig-F adds to malware mess"

SearchSecurity.com news exclusive: "Benevolent Nachi worm doing more harm than good"

SearchSecurity.com Ask the Experts

FEEDBACK: How do you prioritize your patching processes?
Send your feedback to the SearchSecurity.com news team.

This Content Component encountered an error

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close