Results 1 to 14 of 14

Thread: W32.Welchia.Worm (if you think Blaster worm is gone)

  1. #1
    Member ransoma22's Avatar
    Join Date
    Mar 2002
    Location
    KTV Lounge Hall
    Posts
    1,212

    Exclamation W32.Welchia.Worm (if you think Blaster worm is gone)

    W32.Welchia.Worm is a worm that exploits multiple vulnerabilities:

    exploits the DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026) using TCP port 135. The worm specifically targets Windows XP machines using this exploit.

    exploits the WebDav vulnerability (described in Microsoft Security Bulletin MS03-007) using TCP port 80. The worm specifically targets machines running Microsoft IIS 5.0 using this exploit.

    The worm attempts to download the DCOM RPC patch from Microsoft's Windows Update Web site, install it, and then reboot the computer.

    The worm checks for active machines to infect by sending an ICMP echo, or PING, which will results in increased ICMP traffic.

    The worm will also attempt to remove W32.Blaster.Worm.

    Extracted from:
    http://www.symantec.com/avcenter/ven...chia.worm.html

  2. #2
    Member
    Join Date
    Mar 2002
    Location
    Singapore
    Posts
    424

    Default

    eeps, not another one...

  3. #3

    Default

    Sounds like a helpful worm

  4. #4

    Default

    Quote Originally Posted by reno77
    Sounds like a helpful worm
    haha ... so should we hope tat we kena it ??

  5. #5
    Deregistered
    Join Date
    Oct 2002
    Location
    Kitten's Den
    Posts
    733

    Default

    Quote Originally Posted by West_ray
    haha ... so should we hope tat we kena it ??
    Nah, you don't want to kenna this one.

    Causing slow network to many WAN link and internet link right now as we speak.

    Many networks in Japan and Singapore are being slow down since yesterday.....

  6. #6
    andylee
    Guests

    Default

    Hello,go to where har to get patch??

  7. #7

    Default

    Quote Originally Posted by andylee
    Hello,go to where har to get patch??
    huh? u kena this worm liao ar ???? wahhh ... u very into fashion and trends hor ... wanan be the 1st to get it ar ...

  8. #8
    andylee
    Guests

    Default

    Ai yah, my company's IT expert has been telling me to be careful mah, if got how to go to clubsnap??

  9. #9
    Deregistered
    Join Date
    Oct 2002
    Location
    Kitten's Den
    Posts
    733

    Default

    Quote Originally Posted by andylee
    Ai yah, my company's IT expert has been telling me to be careful mah, if got how to go to clubsnap??
    Best is to practise "safe computing", but for this virus you
    have to make sure your windows is properly patched.

    NAV live update 18/8 already protected against this one.

  10. #10
    Member
    Join Date
    Sep 2002
    Location
    Sengkang
    Posts
    567

    Default

    sigh.. not again...

  11. #11
    Deregistered tweakmax2's Avatar
    Join Date
    Apr 2003
    Location
    Pasir Ris
    Posts
    198

    Default

    sianz with virus..... formated my com several times this wk liao.....

  12. #12
    andylee
    Guests

    Default

    hey man, today my company email account start getting stupid mails,something like "your violent wallpaper" stuff!!! wa liao, almost 20 odd mail of sorts.but they have one things in common!!all very big file size with funny names!!muz be those people who forward without knowing they have fungus!!! really slow down my work!!
    Last edited by andylee; 21st August 2003 at 01:01 AM.

  13. #13
    Member ransoma22's Avatar
    Join Date
    Mar 2002
    Location
    KTV Lounge Hall
    Posts
    1,212

    Default

    Quote Originally Posted by andylee
    hey man, today my company email account start getting stupid mails,something like "your violent wallpaper" stuff!!! wa liao, almost 20 odd mail of sorts.but they have one things in common!!all very big file size with funny names!!muz be those people who forward without knowing they have fungus!!! really slow down my work??

    It could be this virus
    http://us.mcafee.com/virusInfo/defau...virus_k=100561

  14. #14
    Member
    Join Date
    Jun 2003
    Location
    Pasir Ris
    Posts
    388

    Default

    Email virus Sobig is also on the loose...

    Here

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •