
Worms and Viruses, Oh My

Two new computer attacks are wreaking havoc with PC users this week, clogging email systems and overwhelming corporate networks. The first, which oddly enough seeks to undo the damage from the infamous MSBlaster worm, is a worm called W32.Welchia or W32/Nachi; it aggressively looks for new hosts that MSBlaster has infected, then downloads and installs the Microsoft patch that fixes the vulnerability. The second, SoBig.F and its variants, is a virus and is more malicious. This virus infects users through email, searches for email addresses on the users' systems, then sends itself through email messages to each of those email addresses.
   W32.Welchia and SoBig.F would be bad enough on their own, but the combination of both is causing headaches for IT departments and end users around the world. W32.Welchia replicates using the same remote procedure call (RPC) vulnerability that MSBlaster used, and although it seeks to help users battle MSBlaster, it's faster, more aggressive, and better written than MSBlaster, so it's hogging bandwidth at many companies. Security experts say W32.Welchia hasn't affected the wider Internet, however.
   The news isn't nearly as positive for SoBig.F and its variants. Thanks to its rapid replication process, this virus has already affected millions of users worldwide, dragging down email systems. SoBig.F doesn't just look in your address book for email addresses, either, as many previous viruses did. Instead, it also harvests email addresses from Web pages and other locations. Infected email messages include an attachment and subject lines such as "Re: Approved," "Your Details," and "Thank you!" Obviously, if you receive such an email message, you should delete it and not open the attachment.
   As always, the advice is to keep your antivirus definitions up-to-date and consult with companies such as McAfee, Microsoft, and Symantec for the most recent security updates, virus-scanning applications, and other information.
