A Worm that removes the Blaster Worm
Spinner
Birmingham, UK
W32.Welchia worm, a new worm discovered on the internet today, helps exterminate the W32.Blaster worm. The new worm looks for signs of the Blaster worm and deletes it if it can and also attempts to download the DCOM RPC vulnerability patch from Microsoft's update site.
Cool stuff, though to be honest, I'd rather download the update myself.
W32.Welchia information:
http://securityresponse.symantec.com/avcenter/venc/data/w32.welchia.worm.html
News Source - Nikush
Cool stuff, though to be honest, I'd rather download the update myself.
W32.Welchia information:
http://securityresponse.symantec.com/avcenter/venc/data/w32.welchia.worm.html
News Source - Nikush
0
Comments
I think this is the first worm that you wouldnt mind getting on your machine. But remember kids, in computers as in real life, prevention is better than the cure
Start spreading viruses from AV companies that repair major problems. Let it propagate like wildfire.
Windows Automatic Updates :shakehead
bothered.
Those M$ coders get paid extremely well. It should really be their jobs to think of such solutions.
I think it's still a malicious worm cos it'll try & infect all other pc's on the network & get them to download the patch and thus basically try & bringdown the MS update site.
Regards
Jim
Interesting point, Jimbrojae. Plus I'd bet it doesn't delete itself, which raises the question: how long will it waste your bandwidth trying to fix other people's computers?
It's being erased by the Symantec Worm removal tool as I type...
~Cyrix
Some people!:rolleyes2
I've successfully kept two networks with 50 Win2k machines, and my 4 home machines with Win2k free of SoBig, Welchia, Nachi, and Blaster.
So, it genned a lot of network noise. Both in spreading and in causing machines to repeatedly try to download what was not where they were told to look. Good ridance to Welchia.