VirusList.com Virus Alerts & Virus News. Thursday, August 28, 2003
******************************************************************
The "Cure" Causes More Trouble Than The Illness
The Welchia virus has actually caused more Internet-wide problems than the Lovesan virus it was created to defeat.
The virus known as Welchia is a derivative of the Lovesan worm virus that spreads via the Internet to computers running Microsoft operating systems that have not been patched for the DCOM RPC vulnerability. Microsoft made the patch available on July 16, 2003.
Welchia is a sort of "anti-virus virus", but this does not mean it is a good thing. In fact, in this case the cure, 'Welchia', has been more problematic than the pest its creator(s) set out to stop, 'Lovesan'.
Welchia attempts to protect vulnerable computers by identifying those without the DCOM RPC patch and downloading it from Microsoft. Despite any potential good intentions the network traffic soaked up by Welchia caused Air Canada's ticketing system to fail. Welchia is also attributed with bringing down the railway signaling system of CSX Corp., causing delays and cancellations throughout the eastern U.S.
Welchia my not be as widely distributed as Lovesan, but it is a more technically advanced virus and is responsible for more total Internet traffic. Welchia, at one point last week had even been reported to be behind a few Internet backbone "performance issues".
The only way to stop Welchia and Lovesan is to get all computers patched against the DCOM RPC vulnerability.
Links to appropriate patches can be found at:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-026.asp
Printer-friendly format
Email this thread to a friend
Bookmark this thread
(1000+ posts)
Send PM |
Profile |
Ignore
