View Full Version : Alert! W32.Welchia.Worm Category 4 (Severe)

08-19-03, 10:16 PM
From the Symantec Security Response Center:

What is W32.Welchia.Worm and how does it affect me?
W32.Welchia.Worm is a worm that exploits multiple vulnerabilities:

Exploits the DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026) using TCP port 135. The worm specifically targets Windows XP machines using this exploit.

Exploits the WebDav vulnerability (described in Microsoft Security Bulletin MS03-007) using TCP port 80. The worm specifically targets machines running Microsoft IIS 5.0 using this exploit.

The worm attempts to download the DCOM RPC patch from Microsoft's Windows Update Web site, install it, and then reboot the computer.

The worm checks for active machines to infect by sending an ICMP echo request, or PING, which will result in increased ICMP traffic.

To read more about the W32.Welchia.Worm, please click here.

What action can I take from here?
Symantec Security Response posted virus definitions to protect against this threat on August 18, 2003 (via LiveUpdate). All users of Norton AntiVirus who do not have up-to-date virus protection should immediately run LiveUpdate for protection from W32.Welchia.Worm.

Virus definitions are available via the LiveUpdate feature in the Norton AntiVirus product or the Symantec Security Response Web site.

Symantec Security Response encourages all Norton AntiVirus users to regularly download virus definitions in order to protect against future threats.

08-19-03, 10:44 PM
How is AVG from grisoft on this virus? I use grisoft AVG for free; they don't charge single users. It was recommended to me by a computer repair shop, after my computer drive crashed. I have enjoyed its virus protection for over a year.


08-19-03, 11:07 PM
I have never actually used AVG before, but you might keep in mind that *free* versions usually dont get the same attention (i.e. timely a/v definitions) as do the paid versions. This can mean all the difference in the world when stopping/preventing the spread of a virus in the wild.

It should also be noted that abundant rumors have spread that Microsoft has purchased AVG, and plans on rolling out their own A/V product soon. This will likely spell the end of the *free* AVG as a viable a/v solution.