August 19, 2003
Blaster Worm Cleanup

While we had few, if any, incidents of the now infamous Blaster worm, we just experienced the effects of the ill-conceived Nachi worm. This worm supposedly cleans up and patches systems that are vulnerable to the same exploit. It is a striking example of how vigilante justice and the desire to write "cleanup" worms are, if anything, worse than the original worms.

The Nachi worm exploits the same vulnerability that the Blaster worm uses, but its aim is to cure the affected computer. It attempts to download system patches from Microsoft, apply them, and then spread to other vulnerable computers, fixing them. Unfortunately, its method of spreading uses ICMP "ping" packets to map out the network. This causes severe congestion on local area networks and renders wide area networks such as the college's T1 line completely unusable. Thanks to an emergency firewall device, we were able to isolate the infected network and block these ping packets, using both the firewall and the campus core routers. We are currently in the process of cleaning up the systems infected with the "cleanup" worm.

[Note: "Lovsan" is an alternate name for the Blaster worm.]
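An added example, not part of the original post: one way to pick out hosts that are sweeping a network with ICMP echo requests, as described above, so they can be isolated and cleaned. The record layout `(timestamp, src, dst, icmp_type)`, the addresses, and the thresholds are constructed assumptions.

```python
from collections import defaultdict

ICMP_ECHO_REQUEST = 8  # ICMP type of a "ping" request (echo reply is 0)

def find_ping_sweepers(records, window=10.0, min_targets=20):
    """Return {src: most distinct hosts pinged within any `window` seconds}
    for sources reaching `min_targets`. Both thresholds are assumptions
    to tune against normal traffic on the network being monitored."""
    per_src = defaultdict(list)
    for ts, src, dst, icmp_type in records:
        if icmp_type == ICMP_ECHO_REQUEST:
            per_src[src].append((ts, dst))
    flagged = {}
    for src, events in per_src.items():
        events.sort()
        in_window = defaultdict(int)  # dst -> packets inside the window
        left = best = 0
        for ts, dst in events:
            in_window[dst] += 1
            # Slide the window: drop events older than `window` seconds.
            while events[left][0] < ts - window:
                old = events[left][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                left += 1
            best = max(best, len(in_window))
        if best >= min_targets:
            flagged[src] = best
    return flagged

def sample_records():
    """Constructed sample traffic, not captured data."""
    recs = []
    for i in range(60):   # sweeping host: 60 different targets in 3 seconds
        recs.append((i * 0.05, "10.1.2.50", f"10.1.3.{i + 1}", 8))
    for i in range(30):   # monitoring host: many pings, only 3 targets
        recs.append((float(i), "10.1.2.7", f"10.1.0.{i % 3 + 1}", 8))
    for i in range(40):   # echo replies (type 0) are not counted
        recs.append((i * 0.1, "10.1.2.9", f"10.1.4.{i + 1}", 0))
    return recs

if __name__ == "__main__":
    print(find_ping_sweepers(sample_records()))
```

Counting distinct destinations rather than raw packets keeps a monitoring host that pings a few gateways repeatedly from being flagged alongside a sweeping host.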

Posted by Rowan Littell at August 19, 2003 11:18 AM