Two new computer attacks are wreacking havoc with PC users this
week, clogging email systems and overwhelming corporate networks. The
first, which oddly enough seeks to undo the damage from the infamous
MSBlaster worm, is a worm called W32.Welchia or W32/Nachi; it
aggressively looks for new hosts that MSBlaster has infected, then
downloads and installs the Microsoft patch that fixes the
vulnerability. The second, SoBig.F and its variants, is a virus and is
more malicious. This virus infects users through email, searches for
email addresses on the users' systems, then sends itself through email
messages to each of those email addresses.
W32.Welchia and SoBig.F would be bad enough on their own, but the
combination of both is causing headaches for IT departments and end
users around the world. W32.Welchia replicates using the same remote
procedure call (RPC) vulnerability that MSBlaster used, and although
it seeks to help users battle MSBlaster, it's faster, more aggressive,
and better written than MSBlaster, so it's hogging bandwidth at many
companies. Security experts say W32.Welchia hasn't affected the wider
The news isn't nearly as positive for SoBig.F and its variants.
Thanks to its rapid replication process, this virus has already
affected millions of users worldwide, dragging down email systems.
SoBig.F doesn't just look in your address book for email addresses,
either, as many previous viruses did. Instead, it also harvests email
addresses from Web pages and other locations. Infected email messages
include an attachment and subject lines such as "Re: Approved," "Your
Details," and "Thank you!" Obviously, if you receive such an email
message, you should delete it and not open the attachment.
As always, the advice is to keep your antivirus definitions
up-to-date and consult with companies such as McAfee, Microsoft, and
Symantec for the most recent security updates, virus-scanning
applications, and other information.