JSI Tip 7085. Virus alert about the Nachi Worm.

Microsoft Knowledge Base Article 826234 contains the following summary:

On August 18, 2003, the Microsoft Product Support Services Security Team issued an alert to inform customers about a new worm. A worm is a type of computer virus that generally spreads without user action and that distributes complete copies (possibly modified) of itself across networks (such as the Internet). Generally known as "Nachi," this new worm exploits the vulnerabilities that were addressed by Microsoft Security Bulletins MS03-026 (823980) and MS03-007 (815021) to spread itself over networks by using open Remote Procedure Call (RPC) ports or the World Wide Web Distributed Authoring and Versioning (WebDAV) protocol that is supported by Internet Information Server (IIS) 5.0.

This article contains information for network administrators and IT professionals about how to prevent and how to recover from an infection from the Nachi worm. The Nachi worm is also known as W32/Nachi.worm (Network Associates), Lovsan.D (F-Secure), WORM_MSBLAST.D (Trend Micro), and W32.Welchia.Worm (Symantec).

Computers that are running any of the products that are listed at the beginning of this article are vulnerable if both the 823980 (MS03-026) and 815021 (MS03-007) security patches were not installed before August 18, 2003 (the date that this worm was discovered).

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.