A new computer 'worm' is spreading worldwide through a security hole in Windows used by last week's Blaster worm but is patching the hole instead of crashing the system like Blaster does.
The new worm, dubbed "Welchia" or "Nachi," is similar to Blaster, but it purports to patch the hole Blaster exploited to enter into computers in the first place and tries to clean up after Blaster if the computer is infected with it.
Despite the apparently good intentions of the new worm, spreading "good" worms is a very bad idea, said Mr Jimmy Kuo, research fellow at anti-virus vendor Network Associates.
"You would rather not have somebody rebooting your machine in the middle of what you are doing, regardless of their intentions," he said.
Blaster, also dubbed MSBlaster LoveSan, has infected more than 570,000 Windows XP and Windows 2000 computers since it surfaced last week, according to an estimate from anti-virus vendor Symantec.
The Windows vulnerability it exploits, which experts have known about since at least mid-July, affects computers running Windows XP, 2000, NT and Server 2003.
On English, Korean and Chinese versions of the Windows operating systems, Welchia downloads the patch to fix the computer. Welchia apparently does not do that on other versions of Windows, said Mr Joe Hartmann, director of North American anti-virus research at Tokyo-based Trend Micro.
In some instances, Welchia tries to clean up after Blaster if the computer has been infected with that worm. Then Welchia spreads to other systems that have the vulnerability, said Mr Kuo.
Welchia, which is programmed to delete itself in 2004, is spreading widely in Asia, particularly in Japan, according to Mr Hartmann.
The worm is creating more network traffic, and so a slowdown, for many corporations as it checks for other vulnerable computers to spread to and because it instructs numerous computers in a network to try to download the patch simultaneously.