Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

W32/Nachi-G

Mar 16, 2004 12:01AM PST

Aliases
Worm.Win32.Welchia.h, W32/Nachi.worm.gen, Win32/Nachi.H, W32.Welchia.D.Worm

Type
Win32 worm

Description
W32/Nachi-G is a worm which spreads to computers at random IP addresses that are infected with W32/MyDoom-A or are vulnerable to the following Microsoft buffer overflow vulnerabilities: DCOM RPC, WebDAV, IIS5/WEBDAV and Locator Service.
For further information see Microsoft Security Bulletins MS03-026, MS03-007 and MS03-049.

The worm connects to random IP addresses on port 135 or 445 and exploits these buffer-overflow vulnerabilities to execute a small amount code on computers that have not been patched. The buffer overflow code downloads the worm and runs it.


More: http://www.sophos.com/virusinfo/analyses/w32nachig.html

Discussion is locked