W32.Welchia.Worm - Lvl 4 - W32.Dumaru@mm - Lvl 3

Tuesday, 19 August 2003, 5:35 pm
Press Release: Symantec

Symantec Security Response - W32.Welchia.Worm - Level 4, W32.Dumaru@mm - Level 3
Symantec Security Response has upgraded the W32.Welchia.Worm to a Level 4 threat (high) - rating 1-5, 5 being the highest.

Symantec has upgraded this threat due to the nature of the worm and its effect particularly on corporate enterprise networks. The worm expoits two vulnerabilities, Microsoft DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026 http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-026.asp) using TCP port 135 and Miscrosoft WebDavvulnerability (described in Microsoft Security Bulletin MS03-007 http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-007.asp) using TCP port 80.

(The worm will attempt to download the DCOM RPC vulnerability patch from Microsoft's update site. If the update has been successful, the worm will reboot the computer so the update takes effect). Once a system is infected, the worm aggressively searches for other machines to infect. This results in an increase in traffic that impacts the network performance.

Symantec is receiving reports of severe disruptions on the internal networks of large enterprises caused by ICMP flooding related to propagation of W32.Welchia.worm. W32.Welchia.Worm has been propagating at a rapid pace in the wild, especially once inside corporate perimeters. In some cases enterprise users have been unable to access critical network resources.

Advertisement - scroll to continue reading

Even though corporations had perimeter defences in place, in response to the W32.Blaster.Worm, internal infection is running high. Deployment of the security patch in large, geographically dispersed environments is exprected to take weeks to months. Both the W32.Blaster.worm and W32.Welchia.Worm are clear examples of why multiple levels of security needs to be deployed at various tiers of the network - including policy compliance for remote access users.

For more information on how the worm executes itself - please visit http://securityresponse.symantec.com/avcenter/venc/data/w32.welchia.worm.html.

Symantec has also discovered a new mass mailing worm - W32.Dumaru@mm that has been rated at a Level 3 (moderate). This worm drops an IRC Trojan onto the infected machine. The worm gathers e-mail addresses from certain file types and uses its own SMTP engine to e-mail itself. The e-mail will appear to have been sent from security@microsoft.com.

Consumers and small businesses are encouraged to update their security patches, antivirus and firewall software, to ensure they are protected from W32.Blaster.Worm and W32.Welchia.Worm.

ENDS

Advertisement - scroll to continue reading

Did you know Scoop has an Ethical Paywall?

If you're using Scoop for work, your organisation needs to pay a small license fee with Scoop Pro. We think that's fair, because your organisation is benefiting from using our news resources. In return, we'll also give your team access to pro news tools and keep Scoop free for personal use, because public access to news is important!

Go to Scoop Pro Find out more

Find more from Symantec on InfoPages.

Business Headlines | Sci-Tech Headlines

BUSINESS, SCIENCE & TECH

Business Canterbury: Urges Council To Cut Costs, Not Ambition For City

The Business Canterbury submission addresses concerns over a 'rates hump' and the need for the Council to maintain affordability while managing cost pressures.

Wellington Airport: On Track For Net Zero Emissions By 2028

This progress is a highlight of the airport’s annual Kaitiakitanga report released today, outlining efforts to support the environment, people and communities.

Landcare Research: ANZAC Gall Fly Release Promises Natural Solution To Weed Threat

A Kiwi-Australian collaboration with a difference is underway this ANZAC Day week on Bikini Atoll in the Marshall Islands. The Chief of Quarantine in the Marshall Islands, Ms Silver Wase, says chromolaena was identified as a top priority for the Marshall Islands at a stakeholder workshop held in the country in December 2022.

NZ Anti-Vivisection Society: Auckland Rat Lovers Unite!

On World Day for Animals in Labs, NZAVS is launching a new program to rehome rats bred or used for science with the University of Auckland.

University of Canterbury: $1.35 Million Grant To Study Lion-like Jumping Spiders

A University of Canterbury animal behaviour expert is part of a global team launching pioneering research into the predatory behaviour of jumping spiders.

Federated Farmers: Government Ends War On Farming

Today’s changes to unworkable and expensive regulations mark the end of the war on farming, says Federated Farmers freshwater spokesperson Colin Hurst. "These impractical rules have been a complete nightmare since the day they were introduced and farmers will be pleased to see the back of them," Hurst says.

Join Scoop Pro

Submit News

Become a Member