
Good worm claims to fight Blaster


LONDON, England -- A new worm is taking an unusual turn by trying to repair computers infected by the Blaster worm and patch the weakness that it utilizes.

The so-called "good worm," known as "Nachi" or "Welchia," is entering computers worldwide through the same security hole that Blaster used in the Windows operating system.

This time the worm attempts to install Microsoft Windows updates to patch up the security hole used by last week's deadly worm, as well as clean up if the computer is infected with Blaster.

Even though the latest worm may have good intentions, experts are questioning whether it is likely to spell more trouble for the world's computers.

"Spreading 'good worms' is a very bad idea," Jimmy Kuo, research fellow at anti-virus vendor Network Associates Inc., told Reuters.

"You would rather not have somebody rebooting your machine in the middle of what you are doing, regardless of their intentions," he added.

The Welchia worm is rated a threat level of "medium" by Network Associates.

The initial Blaster worm attack, also called LoveSan or MSBlaster, infected hundreds of thousands of office and home computers around the globe, but only those that run on Windows XP, 2000, NT and Server 2003.

It has now led companies to look more closely at their security precautions, even though experts have been aware of the Windows security hole Blaster exploits since mid-July.

The new "good" worm checks for other vulnerable machines to spread to, slowing down networks and putting pressure on tech resources.

Welchia is already spreading in Asia and is only programmed to remove itself from people's systems by 2004.

There are also unconfirmed reports that it may try to attack computers through a different Windows vulnerability, experts told Reuters.

Stuart Okin, chief security strategist for Microsoft UK, last week said that a patch for the initial Blaster attack can still be downloaded to stop the worm.

It was developed in time and many customers used it. Some had their anti-virus software updated automatically.

But many thousands of other customers did not know of the danger or how to stop it until it was too late.

"You do your best to get the communication out there and wave the flag," said Okin.

He said 40 million users had downloaded the patch over the last two weeks and urged others to do the same via the updates site -- the same one the hackers want to bring down.

The FBI is investigating the source of the worm, but the culprit is not known.

According to security firm TrendMicro, the worm's text includes the message: "I just want to say LOVE YOU SAN!! Billy Gates why do you make this possible? Stop making money and fix your software!!"

© 2005 Cable News Network LP, LLLP.
A Time Warner Company. All Rights Reserved.