Welchia Worm -- Welchia, w32.nachi, WORM

Technology Info, Tips, FAQs
You Can Use

Virus Information

Welchia Worm
Welchia, w32.nachi, WORM_MSBLAST.D
Virus Alert August 2003

Welchia Worm

Detected: August 2003

Platform: Windows, IIS, email

Aliases: Welchia, w32.nachi, WORM_MSBLAST.D

Propagation: Internet, email

Description: W32.Welchia.Worm exploits the RPC/DCOM vulnerability. It will attempt to disinfect Blaster, install the RPC/DCOM patch, and reboot the infected machine. Then it tries to spread through the network to other unpatched machines (using Port 135 or 80) by pinging them, generating massive network traffic. It re-executes on each system boot up. Systems must be patched for RPC/DCOM before disinfection.

It installs a TFTP Server on infected machines which may allow hacker access.

Patch and Disinfection:
http://securityresponse.symantec.com/avcenter/venc/data/w32.welchia.worm.removal.tool.html
http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS03-026.asp
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms03-007.asp

Reference:
http://securityresponse.symantec.com/avcenter/venc/data/w32.welchia.worm.html

back to Technology Content Index

Return to DAWN Ontario

Events Calendar
events, conferences etc

Featured News & Alerts

What's New
additions to the site indexed daily

Contact Us

Sign our Guestbook!

Website created & maintained
courtesy of Barbara Anello

DAWN Ontario
Box 1138 North Bay, ON P1B 8K4

What's New additions to the site indexed daily Contact Us

Sign our Guestbook!

What's New
additions to the site indexed daily

Contact Us