iPhone 14 Pro vs. 13 Pro Cameras Tesla Optimus Robot Best Free VPNs Apple Watch 8 Deals AT&T Hidden Fee Settlement Google Pixel 7 Pro Preview Heating Older Homes National Taco Day
Want CNET to notify you of price drops and the latest stories?
No, thank you

Nachi variant sends a political message

Nachi.B comes with an HTML document titled, "Let History Tell Future," and is aimed at computers running Japanese versions of Windows.

A new variant of the Nachi worm has emerged that is apparently sending a political message to computers running Japanese versions of Windows.

Nachi.B, discovered Wednesday, has attacked only a small number of computers so far and is less troublesome than its predecessor. But unlike the earlier Nachi worm, which took down computer networks, this version seems politically motivated, security experts said Thursday.

Get Up to Speed on...
Enterprise security
Get the latest headlines and
company-specific news in our
expanded GUTS section.

The worm places an HTML document titled, "Let History Tell Future," on computers' Windows System Directory. The document contains various key dates from World War II involving Japan and China, for instance, when Japan invaded Manchuria.

"The dates appear to coincide with when Japan engaged in some kind of aggression against China," said Joe Telafici, a director of operations at Network Associates. "The first Nachi was a misguided attempt to identify the MSBlast Worm and clean it up. This one seems to be an attempt to get revenge in some way on Japan. We suspect it was written by someone in China or a Chinese national."

Although the virus will uninstall itself June 1, it will remain on computers that run Japanese versions of Windows.

The worm, which seeks an Internet connection via the Google, Intel and Microsoft sites, is expected to try to exploit four Microsoft vulnerabilities, two of which attack Microsoft's WebDav and Workstation service.

Nachi.B also tries to remove the MyDoom A and B variants from computers. The previous version of Nachi attempted to find and patch the MSBlast worm, but its aggressive scanning for systems disrupted corporate networks.

Because a number of companies installed patches for the original Nachi, the damage from this latest worm is less widespread, said Dee Liebenstein, a group product manager for Symantec Security Response. She said Symantec has received 20 cases involving the worm.

Network Associates has encountered fewer than 100 cases, Telafici said.