Finance Shopping Travel Webhosting Business Webmaster Hotels More

Keyword links
Business
Computer
Debt
Education
Finance
Games
Health
Jobs
Kids
News
Processors
Real estate
Shopping
Software
Sports
Supplements
Telecom
Translators
Travel
Webdesign
Webhosting
Webmaster
More topics.....


logo.jpg (25250 bytes)

Home | Advertising | Keywords | Work at home | Contact us

Welchia.b virus


Google
  Web www.ugamedia.com

Welchia returns: a new version of the 'virtuous' virus

Virus analysts at Kaspersky Labs have detected a new version of Welchia
in the wild. The original Welchia allegedly 'cured' machines infected by
Lovesan: the new version supposedly 'disinfects' machines infected by
Mydoom.

Welchia.b uses the DCOM RPC vulnerability and the WebDav vulnerability
in MS IIS 5.0 to spread through the Internet. It then attempts to locate
and delete Mydoom, as well as installing the Microsoft patch for the
DCOM vulnerability.

These actions may seem constructive, not destructive at first glance.
However, the author of Welchia has committed at least two cyber-crimes:
unauthorized access (breaking and entering) and continued unsanctioned
access. While reminding users to use patches is important, it should be
only done by legal means.

Welchia.b is coded to retain control over infected computers until June
1, 2004. Useful Links Detailed descriptions of: Welchia.b
(http://www.viruslist.com/eng/viruslist.html?id=949424) Mydoom.a
(http://www.viruslist.com/eng/viruslist.html?id=841769) Mydoom.b
(http://www.viruslist.com/eng/viruslist.html?id=850737) Lovesan
(http://www.viruslist.com/eng/viruslist.html?id=61577) Welchia.a
(http://www.viruslist.com/eng/viruslist.html?id=65727) MS Security

Bulletins: DCOM RPM vulnerability

WebDav in MS IIS 5.0

Kaspersky Lab News Agent
10 Geroyev Panfilovtcev St.,
Moscow, 123363,
Russia
Telephone./Facsimile: +7 (095) 948 43 31
WWW: http://www.kaspersky.com, http://www.viruslist.com
FTP: ftp://ftp.kasperskylab.ru

 

 

 

 

Click here for information