|
-
August 18th, 2003, 10:38 PM
#12
Not my normal heads up.... But then I normaly post Virii Warnings in the AntiVirus Forum.. Isn't that what it is for??
W32.Welchia.Worm
This is a Cat2 warning from Symantec.. BUT
Wild: Low
Damage: Low
Distribution: Low
And the overview:
W32.Welchia.Worm is a worm that exploits the DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026) using TCP port 135. The worm attempts to download the DCOM RPC patch from Microsoft's Windows Update Web site, install it, and then reboot the computer.
The worm will also attempt remove W32.Blaster.Worm.
and the last 3 points from the technical details:
Attempts to connect to Microsoft's Windows Update and download the DCOM RPC vulnerability patch.
Once the update has been download and executed, the worm will reboot the computer so that the patch is installed.
Checks the computer's system date. If the date is January 1, 2004, the worm will disable itself.
BTW: the AKA List
W32/Welchia.worm10240 [AhnLab]
W32/Nachi.worm [McAfee],
WORM_MSBLAST.D [Trend],
Lovsan.D [F-Secure]
Cheers
"Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote