Joined
·
1,615 Posts
Due to an increase in submissions, Symantec Security Response has upgraded W32.Welchia.Worm to Category 4, as of 6:00pm Monday, August 18, 2003.
W32.Welchia.Worm is a worm that exploits multiple vulnerabilities, including:
The DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026) using TCP port 135. The worm specifically targets Windows XP machines using this exploit.
The WebDav vulnerability (described in Microsoft Security Bulletin MS03-007) using TCP port 80. The worm specifically targets machines running Microsoft IIS 5.0 using this exploit. IIS 5.0 will most likely be found on Windows 2000 systems.
W32.Welchia.Worm does the following:
Attempts to download the DCOM RPC patch from Microsoft's Windows Update Web site, install it, and then reboot the computer.
Checks for active machines to infect by sending an ICMP echo request, or PING, which will result in increased ICMP traffic.
Attempts to remove W32.Blaster.Worm.
A removal tool, courtesy of Symantec can be found
here
W32.Welchia.Worm is a worm that exploits multiple vulnerabilities, including:
The DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026) using TCP port 135. The worm specifically targets Windows XP machines using this exploit.
The WebDav vulnerability (described in Microsoft Security Bulletin MS03-007) using TCP port 80. The worm specifically targets machines running Microsoft IIS 5.0 using this exploit. IIS 5.0 will most likely be found on Windows 2000 systems.
W32.Welchia.Worm does the following:
Attempts to download the DCOM RPC patch from Microsoft's Windows Update Web site, install it, and then reboot the computer.
Checks for active machines to infect by sending an ICMP echo request, or PING, which will result in increased ICMP traffic.
Attempts to remove W32.Blaster.Worm.
A removal tool, courtesy of Symantec can be found
here
