Very Funny Indeed
http://zdnet.com.com/2100-1105_2-5065117.html
A variant of MSBlast spread on Monday, but the new worm has an odd
twist: It applies a patch for the vulnerability that it and other
MSBlast worms use to infect Windows systems.
The new worm, dubbed W32.Welchia, W32/Nachi and Worm_MSBlast.D,
appears to properly download the patch for both Windows 2000 and
Windows XP from Microsoft's Web site. Moreover, the variant will
delete itself the first time an infected computer starts up in 2004.
That doesn't mean that such worms are a good idea, said Joe Hartmann,
North American director for antivirus research at security software
firm Trend Micro.
"This is just a regular worm like anything else," he said. "In the
end, they are going to cause more trouble than they help."
Despite the apparent lack of malicious intent, the worm still sends a
great deal of unwanted traffic, as it tries to spread to other
computers. In addition, if several computers download the patch from
Microsoft at the same time, it could slow network performance,
Hartmann said.
"That's the way we found out about this--when our clients came to us
complaining of slow network performance," he said.
The original variant of the MSBlast worm continued to spread over the
weekend and has likely infected more than 570,000 computers, according
to security firm Symantec. The company's data measures the number of
Internet addresses that show signs of a worm infection. Because
Internet addresses don't correspond to single computers, the number is
a rough estimate of total infections. Moreover, it is uncertain what
fraction of those compromised computers has been cleaned of the
infection.
Oliver Friedrichs, senior manager for Symantec's security response
center, agreed that worms aren't a good way to distribute patches.
"I don't necessarily think whenever you infect someone's systems,
install software and reboot the computer that that is a good thing,"
he said. "It still tries to propagate; it is still attacking people
over the Internet."
The patching worm doesn't install software on all computers. The
latest variant of MSBlast only plugs the security holes on the
English, Korean and Chinese versions of Windows XP and Windows 2000.
And it doesn't remove infections that have already compromised a
computer.
The latest variant of the worm comes three days after Microsoft
managed to dodge a denial-of-service attack promised by the original
worm. The attack, which would have leveled a flood of data at
Microsoft's Windows Update site, was foiled when the software giant
deleted the address the worm was targeting. The worm is expected to
continue to spread despite the aborted attack.
Microsoft also announced on Friday that an e-mail hoax is circulating.
The subject line of the e-mail is "updated," and the message appears
to contain a critical update to patch systems against the MSBlast
worm. In reality, clicking on the attached file will infect the
recipient's computer with a Trojan horse program. Antivirus company
Sophos dubbed the new program Graybird. Microsoft warned consumers
that it never uses e-mail to distribute patches.
http://zdnet.com.com/2100-1105_2-5065117.html
That's one way to make sure it gets installed! ROFL!
Disclaimer
My advice is as-is. It could trash your system.
