August 19th, 2003, 03:16 AM
#13
Member
Cat 4 now
Symantec just upgraded W32.Welchia.Worm to a Category 4 "Due to an increase in submissions."
It exploits RPC/DCOM over port 135. Plus, the new twist to this one that I think warrants a brief mention is:
exploits the WebDav vulnerability (described in Microsoft Security Bulletin MS03-007) using TCP port 80. The worm specifically targets machines running Microsoft IIS 5.0 using this exploit.
So, this worm can infect your machine over port 80 if you do not have the WebDAV exploit patched. It will then launch the command prompt and try and TFTP the RPC/DCOM patch.
Therefore, it could try and patch an already patched machine for RPC, if it gets in via WebDAV. But WebDAV stays unpatched.
I wonder why the virus writer only added the RPC patch; if you are gonna make it exploit WebDAV also, why not patch that one also? Heck, why not double the fun?
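Added example, not part of the original post: a small detection sketch for the sequence the post describes, where a host takes an inbound connection on TCP 135 or TCP 80 and shortly afterwards starts a TFTP transfer. The flow-record format, the function names and the 60-second window are assumptions made for this illustration, and the sample records are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample flow records (not real traffic).
# Assumed format: time proto src sport dst dport
SAMPLE_FLOWS = """\
2003-08-19T03:00:01 TCP 10.0.0.7 3312 10.0.0.20 80
2003-08-19T03:00:04 UDP 10.0.0.20 1045 10.0.0.7 69
2003-08-19T03:01:10 TCP 10.0.0.7 3313 10.0.0.21 135
2003-08-19T03:01:12 UDP 10.0.0.21 1050 10.0.0.7 69
2003-08-19T03:02:00 TCP 10.0.0.9 4000 10.0.0.22 80
2003-08-19T03:30:00 UDP 10.0.0.22 1060 10.0.0.9 69
2003-08-19T03:05:00 UDP 10.0.0.23 1070 10.0.0.5 69
"""

# The two entry ports named in the post, and the TFTP port.
ENTRY_PORTS = {135: "TCP 135 (RPC/DCOM)", 80: "TCP 80 (WebDAV)"}
TFTP_PORT = 69


def parse_flows(text):
    """Yield (time, proto, src, dst, dport) tuples; skip malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue
        ts, proto, src, _sport, dst, dport = parts
        yield datetime.fromisoformat(ts), proto.upper(), src, dst, int(dport)


def find_suspect_hosts(text, window_seconds=60):
    """Return (host, entry_port, inbound_peer, tftp_server) for each host that
    starts TFTP within the window after an inbound hit on an entry port."""
    window = timedelta(seconds=window_seconds)
    last_inbound = {}  # host -> (time, peer, entry port label)
    alerts = []
    for ts, proto, src, dst, dport in sorted(parse_flows(text)):
        if proto == "TCP" and dport in ENTRY_PORTS:
            last_inbound[dst] = (ts, src, ENTRY_PORTS[dport])
        elif proto == "UDP" and dport == TFTP_PORT and src in last_inbound:
            seen, peer, label = last_inbound[src]
            if ts - seen <= window:
                alerts.append((src, label, peer, dst))
    return alerts


if __name__ == "__main__":
    for alert in find_suspect_hosts(SAMPLE_FLOWS):
        print("suspect host %s: inbound on %s from %s, then TFTP to %s" % alert)
```

Inbound port 80 traffic is normal for a web server, so the signal here is the pairing with an outbound TFTP request from the same host, which a server rarely has reason to make.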