Article

Patching, updating keep Nachi at bay

Edward Hurley, SearchSecurity.com News Writer

Companies can take a few steps to prevent getting infected from the Nachi worm. Protecting against Nachi will also help prevent getting hit with Lovsan and other worms that exploit the RPC-DCOM vulnerability. These tips highlight ways to keep Nachi out.

Patch, patch, patch: The best way to prevent getting hit by the Nachi worm is patching the flaw it exploits. By installing the RPC-DCOM patch from Microsoft, one also protects against the Lovsan worm and all its variants. Doing such would also prevent infection from future worms that target the vulnerability. Also, one should install the patch for the Windows WebDav as there have been reports that the worm tries to exploit that as well. That flaw is found in Windows 2000, Windows XP and Windows NT 4.0.

Update, update, update: Updating antivirus signature files is another way to prevent infection from the Nachi worm. But it only helps address that specific worm, not others such as Lovsan that also target the RPC-DCOM vulnerability. Care should be taken to ensure remote offices and telecommuters (who don't get e-mail through a VPN connection) have the pattern file for Nachi.

Block port 135:Nachi spreads by scanning port 135 for systems with the RPC vulnerability. Blocking the port would help prevent infection but some business may need it open for applications to work properly.

Install desktop personal firewalls: Virtually all businesses of any size

    Requires Free Membership to View

have gateway firewalls but personal firewalls aren't so pervasive. They offer a wide range of protection, including the ability to stop Nachi and Lovsan from infecting vulnerable systems.

Secure network file shares: Nachi can spread within a network using Windows network shares. Companies need to make sure access to network shares is controlled and well-documented.

FOR MORE INFORMATION:

Virus Alert -- Sobig-F and Nachi

SearchSecurity.com news exclusive: "Simple steps stem Sobig-F's progress"

SearchSecurity.com news exclusive: "Emergence of Sobig-F adds to malware mess"

SearchSecurity.com news exclusive: "Benevolent Nachi worm doing more harm than good"

SearchSecurity.com Ask the Experts

FEEDBACK: How do you prioritize your patching processes?
Send your feedback to the SearchSecurity.com news team.


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: