Video | Business Headlines | Internet | Science | Scientific Ethics | Technology | Search


W32.Welchia.Worm - Lvl 4 - W32.Dumaru@mm - Lvl 3

Symantec Security Response - W32.Welchia.Worm - Level 4, W32.Dumaru@mm - Level 3
Symantec Security Response has upgraded the W32.Welchia.Worm to a Level 4 threat (high) - rating 1-5, 5 being the highest.

Symantec has upgraded this threat due to the nature of the worm and its effect particularly on corporate enterprise networks. The worm expoits two vulnerabilities, Microsoft DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026 using TCP port 135 and Miscrosoft WebDavvulnerability (described in Microsoft Security Bulletin MS03-007 using TCP port 80.

(The worm will attempt to download the DCOM RPC vulnerability patch from Microsoft's update site. If the update has been successful, the worm will reboot the computer so the update takes effect). Once a system is infected, the worm aggressively searches for other machines to infect. This results in an increase in traffic that impacts the network performance.

Symantec is receiving reports of severe disruptions on the internal networks of large enterprises caused by ICMP flooding related to propagation of W32.Welchia.worm. W32.Welchia.Worm has been propagating at a rapid pace in the wild, especially once inside corporate perimeters. In some cases enterprise users have been unable to access critical network resources.

Even though corporations had perimeter defences in place, in response to the W32.Blaster.Worm, internal infection is running high. Deployment of the security patch in large, geographically dispersed environments is exprected to take weeks to months. Both the W32.Blaster.worm and W32.Welchia.Worm are clear examples of why multiple levels of security needs to be deployed at various tiers of the network - including policy compliance for remote access users.

For more information on how the worm executes itself - please visit

Symantec has also discovered a new mass mailing worm - W32.Dumaru@mm that has been rated at a Level 3 (moderate). This worm drops an IRC Trojan onto the infected machine. The worm gathers e-mail addresses from certain file types and uses its own SMTP engine to e-mail itself. The e-mail will appear to have been sent from

Consumers and small businesses are encouraged to update their security patches, antivirus and firewall software, to ensure they are protected from W32.Blaster.Worm and W32.Welchia.Worm.


© Scoop Media

Business Headlines | Sci-Tech Headlines


Voluntary Administration: Renaissance Brewing Up For Sale

Renaissance Brewing, the first local company to raise capital through equity crowdfunding, is up for sale after cash flow woes and product management issues led to the appointment of voluntary administrators. More>>


Approval: Northern Corridor Decision Released

The approval gives the green light to construction of the last link of Auckland’s Western Ring Route, providing an alternative route from South Auckland to the North Shore. More>>


Media Mega Merger: Full Steam Ahead For Appeal

New Zealand's two largest news publishers have confirmed they are committed to pursuing their appeal against the Commerce Commission's rejection of the proposal to merge their operations. More>>

Crown Accounts: $4.1 Billion Surplus

The New Zealand Government has achieved its third fiscal surplus in a row with the Crown accounts for the year ended 30 June 2017 showing an OBEGAL surplus of $4.1 billion, $2.2 billion stronger than last year, Finance Minister Steven Joyce says. More>>


Mycoplasma Bovis: One New Property Tests Positive

The newly identified property... was already under a Restricted Place notice under the Biosecurity Act. More>>

Accounting Scandal: Suspension Of Fuji Xerox From All-Of-Government Contract

General Manager of New Zealand Government Procurement John Ivil says, “FXNZ has been formally suspended from the Print Technology and Associated Services (PTAS) contract and terminated from the Office Supplies contract.” More>>