New Worm: W32.Welchia.Worm
Arch_Angel
August 19, 2003, 10:19 PM
W32.Welchia.Worm is a worm that exploits multiple vulnerabilities, including:
* The DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026) using TCP port 135. The worm specifically targets Windows XP machines using this exploit.
* The WebDav vulnerability (described in Microsoft Security Bulletin MS03-007) using TCP port 80. The worm specifically targets machines running Microsoft IIS 5.0 using this exploit.
W32.Welchia.Worm does the following:
* Attempts to download the DCOM RPC patch from Microsoft's Windows Update Web site, install it, and then reboot the computer.
* Checks for active machines to infect by sending an ICMP echo request, or PING, which will result in increased ICMP traffic.
* Attempts to remove W32.Blaster.Worm.
-----------------------------------------------------------------------
Symantec Report: http://securityresponse.symantec.com/avcenter/venc/data/w32.welchia.worm.html
More News on the worm: http://www.atnewyork.com/news/article.php/3065761
Is this Microsoft's answer to the worm?
Or did some poor soul think Microsoft isn't doing enough and decided to take things into his own hands by releasing a 'good worm'?
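Added example (not part of the original post or the Symantec report): a small detector for the network behaviour described above, a host sending ICMP echo requests to many addresses and then connecting to TCP 135 or 80 on hosts it pinged. The log format, the sample lines, the function name `find_sweepers` and the thresholds are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed firewall-style log lines (not from a real capture).
SAMPLE_LOG = """\
2003-08-19T22:00:01 SRC=10.0.0.5 DST=10.0.1.1 PROTO=ICMP TYPE=8
2003-08-19T22:00:02 SRC=10.0.0.5 DST=10.0.1.2 PROTO=ICMP TYPE=8
2003-08-19T22:00:03 SRC=10.0.0.5 DST=10.0.1.2 PROTO=TCP DPT=135
2003-08-19T22:00:04 SRC=10.0.0.5 DST=10.0.1.3 PROTO=ICMP TYPE=8
2003-08-19T22:00:05 SRC=10.0.0.5 DST=10.0.1.3 PROTO=TCP DPT=80
2003-08-19T22:00:06 SRC=10.0.0.9 DST=10.0.1.1 PROTO=ICMP TYPE=8
2003-08-19T22:03:00 SRC=10.0.0.9 DST=10.0.1.2 PROTO=ICMP TYPE=8
2003-08-19T22:06:00 SRC=10.0.0.9 DST=10.0.1.3 PROTO=ICMP TYPE=8
2003-08-19T22:00:07 SRC=10.0.0.7 DST=10.0.1.9 PROTO=TCP DPT=80
"""
LINE_RE = re.compile(
    r"^(?P<ts>\S+) SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=(?P<proto>\w+)"
    r"(?: TYPE=(?P<type>\d+))?(?: DPT=(?P<dpt>\d+))?$")
WORM_PORTS = {135, 80}  # TCP ports named in the post above

def find_sweepers(log_text, min_targets=3, window=timedelta(seconds=60)):
    """Return {src: ['dst:port', ...]} for hosts that sent ICMP echo requests
    to >= min_targets distinct hosts within one window (assumed thresholds)."""
    pings = defaultdict(list)      # src -> [(time, dst)]
    followups = defaultdict(set)   # src -> {(dst, port)}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not parse
        if m["proto"] == "ICMP" and m["type"] == "8":
            pings[m["src"]].append((datetime.fromisoformat(m["ts"]), m["dst"]))
        elif m["proto"] == "TCP" and m["dpt"] and int(m["dpt"]) in WORM_PORTS:
            followups[m["src"]].add((m["dst"], int(m["dpt"])))
    flagged = {}
    for src, events in pings.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # slide the left edge until the span fits inside `window`
            while events[end][0] - events[start][0] > window:
                start += 1
            if len({d for _, d in events[start:end + 1]}) >= min_targets:
                pinged = {d for _, d in events}
                # keep only TCP follow-ups aimed at hosts this source pinged
                flagged[src] = sorted(
                    f"{d}:{p}" for d, p in followups[src] if d in pinged)
                break
    return flagged
```

In the sample, 10.0.0.9 pings the same three hosts but minutes apart, so it stays under the window threshold, and 10.0.0.7 makes a web request without any preceding ping.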
Nastrodamus
August 19, 2003, 10:29 PM
> Is this Microsoft's answer to the worm?
> Or did some poor soul think Microsoft isn't doing enough and decided to take things into his own hands by releasing a 'good worm'?
It's Ironic....very very Ironic.
Notice, Welchia utilizes a different exploit. Further showing another hole in the Windows OS. Should Windows users be happy about that? I think not, irrespective of who wrote the worm. It exploits the system through one of the many flaws it is now showing to have.
I join Matronyx on this and say ...... LINUX ANYONE ?
Arch_Angel
August 19, 2003, 10:50 PM
It utilizes another exploit that users/admins should have also patched long ago.
What this worm is doing is taking up a lot of bandwidth on network servers, as it tries to download these patches from Microsoft. Causing almost a DOS attack on Microsoft's server.
Nastrodamus
August 19, 2003, 10:57 PM
> It utilizes another exploit that users/admins should have also patched long ago.
> What this worm is doing is taking up a lot of bandwidth on network servers, as it tries to download these patches from Microsoft. Causing almost a DOS attack on Microsoft's server.
This being the case, then why did they create the worm in the first case ::) . If it's a case that it should have been patched already, then it's a waste of time to create it. Even if it is after creation, then why not patch the hole that it exploits?
matronyx
August 20, 2003, 10:55 AM
windows got worms ;D
CKnight
August 21, 2003, 10:08 AM
Girls, girls, girls. To sit and whine about windows' need for a 'wash out' is really redundant and unnecessary. It will never end. Why? Because windows is flawed from the ground up.
On the surface it seems as if all these worms and viruses as of late, are attacking windows at the OSI level, and though this is true, the problem is rooted much deeper.
Take my windows box and my Linux laptop.
When a worm hits XP, it gets hit HARD. It can do a myriad of things, not the least of which is wrench the computer from my control and have it do someone else’s bidding. It can erase my files, send off classified information and effectively disable my network.
When a worm hits my Linux box what's it gonna do? Start up services to slow my network down? No. Send off files and folders with my credit card information? No. Is it gonna delete my library of mp3s? No (Thank God. I can't live without my Beatles).
This worm can do nothing to affect my machine directly. Worst case, it'll sit as a hidden service and sniff out my network for passwords. This is a totally different issue altogether and can easily be fixed at the OSI level by such measures as encryption.
At the end of the day, the Operating System is SECURE*!!! Everything else falls on the shoulders of the admins to set up policies and procedures.
I'm not saying use Linux, I'm just saying...
*Disclaimer: there are some improperly designed applications that may allow attacks such as buffer overflows to be successful, however, this is usually used as a means of loading a worm, once it's loaded all restrictions noted above still apply and renders it pretty helpless.
matronyx
August 21, 2003, 03:14 PM
.....use linux.
(continued from above post)
Arch_Angel
August 21, 2003, 08:09 PM
I'm already using linux. I'm also using windows.
I don't get hit by worms. I don't get affected by viruses.
I don't need to use Linux to not get affected by worms or viruses. I haven't gotten infected by a virus or a worm in years.
But I still would like to discuss the latest worm that is propagating the internet. Or the latest virus that is infecting computers, without being told that I must use linux instead. :-\
We have already talked about dropping this "use linux" response to everyone's winwoes. Can it be dropped please? :(
jamrock
August 22, 2003, 07:35 AM
Arch_Angel,
We have had to assist customers in the battle against worms, trojans, virus code, etc.
Here are a few recommendations:
Prepare a comprehensive security policy. Provide all users with a written document advising them of acceptable network use. Educate, educate, educate your users re: the consequences of their actions.
Set up a corporate edition of a good anti-virus product. This will update all the hosts with the latest virus definitions.
Block Kazaa and similar download sites. Attackers include trojan code in downloads. If people want to download music, let them do it at home.
Purchase a good product for detecting trojans and spyware. Check the developer of your anti-virus product or firewall.
Review Microsoft's patches every few days. IMHO most attackers focus on Microsoft products because they are most widely used.
Set up a test network so that you can test all patches before implementing them in your production environment.
Educate yourself. Read www.news.com daily. Subscribe to a good security news bulletin. Read the material at www.sans.org weekly. I have noticed that certain members of the forum consistently know of these things before they become public knowledge. I have subscribed to the Windows security bulletin at http://www.secadministrator.com
When downloading from Linux sites, use PGP or other mechanisms to verify the authenticity of the download.
Not all Linux sites provide this facility, but the practice is becoming more popular. Over the last year or so, one or two sites were compromised and trojan code was added to some downloads.
Laugh at the Linux people when the next Linux security breach occurs. News.com reports them. They are not as frequent as the Windows breaches but they do happen. A major one was reported last week.
To be fair to Matronyx, Nastro and Cknight, however, Microsoft really needs to do more to improve the security of its products. They have admitted that this is something that needs to be done.
It will be interesting to see what happens when Linux gets more popular and attackers start writing code just for it.
jamrock
August 22, 2003, 07:42 AM
BTW,
It is very important to test patches before you implement them, especially service packs. They sometimes fix one problem and cause another. www.win2000mag.com currently has a list of difficulties created by Windows 2000 service pack 4. Just do a search on "service pack 4".
There is no such thing as a secure network. Just varying degrees of insecurity. Perhaps all we can do is to have the infrastructure in place to react quickly when we overlook something. ;D
Arch_Angel
August 22, 2003, 11:02 AM
Jamrock, that is all good info. And I don't mean to come across saying that we should stop telling people about good security practices. We should, as a lot of persons don't know how to secure their computer.
But is saying "use linux" the answer to everyone's windows security problems?
We need to offer windows solutions as you mentioned jamrock, to users who have security problems. And also mention that an alternative solution is to use linux, but not THE answer to their windows problems.
You can be secure using a Windows OS. You can never be hit by a virus or a worm, once you know how to keep your windows system safe from these kinds of attacks.
And that's all I am saying... :)
MiTcHiE
August 22, 2003, 01:01 PM
Same old story ::) ::) ::) , over and over again. Everyday I visit techjamaica, and there is something I notice. Whenever most people have a problem or point out a problem with windows, the first advice is for that user to drop windows and use linux.
whats up with that??
Y should a person having a problem with windows just drop it at the first sign of a problem and pick up linux??
This doesnt make sense, if that is how we want people to look at life, then I guess life is really messed up.
Imagine u buy a car today and next 3 months it needs a couple of repairs, r u going to drop it and go buy another?? No, u r going to get it repaired and continue to drive it when it is repaired, and then proceed to safeguard against damaging it again.
Y give up on the car????????
Shouldnt the user choose to use linux on their own without being forced to do it?? I feel that people who do this is just trying to get a larger userbase to use linux. its almost like spamming if u ask me. spammers/pop ups give u info u dont really need, and basically force u to look at summen u didnt choose to look at.
It all comes down to choice. I have been using windows from ever since, yeah it has problems, so what??? I still use it, I have a pc at home with windows installed, I protect it the best I can with the knowledge that 100% protection is not possible. So I ask again, y tell users to use linux???
kc4u
August 30, 2003, 12:57 AM
> Same old story ::) ::) ::) , over and over again. Everyday I visit techjamaica, and there is something I notice. Whenever most people have a problem or point out a problem with windows, the first advice is for that user to drop windows and use linux.
> whats up with that??
I have your back <<MiTcHiE>>, I am an avid windows user and while I think it has flaws I wanna ask all the Linux users out there one question?....... Is linux for everybody or is it better for the corporate market? Is Linux susceptible to viruses and worms?
CKnight
September 7, 2003, 01:44 PM
> Is linux for everybody or is it better for the corporate market? Is Linux susceptible to viruses and worms?
Short answer, it can be. Linux can be for everyone, but some have the impression that it is mainly for business backends.
I won't preach the benefits of the use of linux for personal reasons in this forum but they are numerous and far reaching.
Is Linux susceptible to viruses and worms? No and yes, respectively. If you have any more questions or would like to discuss this in depth, head over to the Linux forum.