HEADS UP - New Welchia worm based on RPC2
At approximately 4:42PM EST, I began tracking massive infections on my network. All of my triggers pointed to the W32.Welchia worm; however, this seems to be a new variant that the AV companies aren't aware of as of yet. Seems that boxes patched with the latest RPC patch are not affected.
My external triggers and internal triggers are going insane. Looks like this is traveling across the internet very quickly. So far, the only footprints are that port 707 TCP is open on infected hosts and that my IDS is showing propagation source and destination as TCP 0 (which we know isn't happening).
Keep your eyes open folks. This should be a fun evening.
EDIT: 5:05 EST - Nachia IDS triggers are also going off on this one. This is gonna be ugly!