New Worm Installs Patches

The worm, called Nachi or MSBlast.D, tries to delete Blaster from some infected systems and install patches, according to Trend Micro. Last week's Blaster worm, also called MSBlast and Lovsan, infected hundreds of thousands of systems by exploiting a Remote Procedure Call (RPC) flaw in Microsoft Windows.

Nachi exploits the same flaw but can delete the MSBlast.exe file left by Blaster on machines running Windows 2000 and Windows XP and download Microsoft patches to fix the flaw, according to Trend Micro.

The company rated the new worm as a medium risk. Computer Associates ranked the worm as medium-on-watch, while Network Associates called it a medium risk.

"Some may call this a good virus, but it can cause all sorts of problems when patches are applied to a computer unbeknownst to the administrator of that computer," said Ken Dunham, malicious code intelligence manager at iDefense, said in an alert issued Monday.