Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

W32/Nachi-F

Mar 8, 2004 11:28PM PST

Aliases
Worm.Win32.Welchia.f, W32.Welchia.D.Worm

Type
Win32 worm

Description
W32/Nachi-F is a worm which spreads to computers at random IP addresses that are infected with W32/MyDoom-A or are vulnerable to the following Microsoft buffer overflow vulnerabilities: DCOM RPC, WebDAV, IIS5/WEBDAV and Locator Service.
For further information see Microsoft Security Bulletins MS03-026, MS03-007 and MS03-049.

The worm connects to random IP addresses on port 135 or 445 and exploits these buffer-overflow vulnerabilities to execute a small amount code on computers that have not been patched. The buffer overflow code downloads the worm and runs it. The worm allows itself to be downloaded via a random port above 1024.


More: http://www.sophos.com/virusinfo/analyses/w32nachif.html

Discussion is locked