[Dshield] Symantec Alerts

R Shady RShady at stny.rr.com
Wed Aug 20 13:49:49 GMT 2003


Just received this bulletin from Symantec:

1.  Level 4 Virus Alert! W32.Welchia.Worm

Due to an increase in submissions, Symantec Security Response has upgraded
W32.Welchia.Worm to Category 4, as of 6:00pm Monday, August 18, 2003.

The worm attempts to download the DCOM RPC patch from Microsoft's Windows
Update Web site, install it, and then reboot the computer. The worm checks
for active machines to infect by sending an ICMP echo, or PING, which will
result in increased ICMP traffic.

The worm will also attempt to remove W32.Blaster.Worm.

Definitions dated August 18, 2003 will detect the W32.Welchia.Worm. Run
LiveUpdate or download the Intelligent Updater virus definitions at
http://securityresponse.symantec.com/avcenter/defs.download.html

Also Known As:  W32/Welchia.worm10240 [AhnLab], W32/Nachi.worm [McAfee],
WORM_MSBLAST.D [Trend], Lovsan.D [F-Secure]

Type:  Worm
Infection Length:  10,240 bytes
Systems Affected:  Windows 2000, Windows XP
Systems Not Affected:  Linux, Macintosh, OS/2, UNIX
CVE References:  CAN-2003-0109, CAN-2003-0352

For additional information, visit the following Internet address:

http://securityresponse.symantec.com/avcenter/venc/data/w32.welchia.worm.html
_____________________________

2.  Level 3 Virus Alert! W32.Dumaru@mm

W32.Dumaru@mm is a mass-mailing worm that drops an IRC Trojan onto the
infected machine. The worm gathers email addresses from certain file types
and uses its own SMTP engine to email itself.

Definitions dated August 18, 2003 will detect the W32.Welchia.Worm. Run
LiveUpdate or download the Intelligent Updater virus definitions at
http://securityresponse.symantec.com/avcenter/defs.download.html

The email has the following characteristics:

From: "Microsoft" <security at microsoft.com>
Subject: Use this patch immediately !
Message:
Dear friend , use this Internet Explorer patch now!
There are dangerous virus in the Internet now!
More than 500.000 already infected!
Attachment: patch.exe

This threat is written in the Microsoft C++ programming language and is
compressed with UPX.

Type:  Worm
Infection Length:  9,216
Systems Affected:  Windows 2000, Windows 95, Windows 98, Windows Me,
Windows NT, Windows XP
Systems Not Affected:  Linux, Macintosh, OS/2, UNIX

For additional information, visit the following Internet address:

http://securityresponse.symantec.com/avcenter/venc/data/w32.dumaru@mm.html
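
Added example (not part of the Symantec bulletin or the original post): a Python check that matches a message against the three W32.Dumaru@mm email characteristics listed above. The function names, the quarantine rule (attachment name plus at least one header match) and the sample message are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Characteristics taken from the bulletin above (the list archive
# renders "@" as " at "; the address is written normally here).
DUMARU_FROM = "security@microsoft.com"
DUMARU_SUBJECT = "use this patch immediately !"
DUMARU_ATTACHMENT = "patch.exe"

def _norm(text):
    """Lower-case and collapse whitespace so case and folding do not matter."""
    return " ".join((text or "").lower().split())

def dumaru_indicators(raw_message):
    """Return which of the bulletin's characteristics the message matches."""
    msg = message_from_string(raw_message)
    hits = []
    if parseaddr(msg.get("From", ""))[1].lower() == DUMARU_FROM:
        hits.append("from")
    if _norm(msg.get("Subject")) == DUMARU_SUBJECT:
        hits.append("subject")
    if any(_norm(p.get_filename()) == DUMARU_ATTACHMENT for p in msg.walk()):
        hits.append("attachment")
    return hits

def should_quarantine(raw_message):
    """Assumed policy: attachment name plus at least one header match."""
    hits = dumaru_indicators(raw_message)
    return "attachment" in hits and len(hits) >= 2

# Constructed sample message; the attachment body is a placeholder.
SAMPLE = """From: "Microsoft" <security@microsoft.com>
Subject: Use this patch immediately !
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Dear friend , use this Internet Explorer patch now!
--b1
Content-Type: application/octet-stream; name="patch.exe"
Content-Disposition: attachment; filename="patch.exe"

(placeholder bytes, not a real sample)
--b1--
"""

if __name__ == "__main__":
    print(dumaru_indicators(SAMPLE), should_quarantine(SAMPLE))
```

The From header is set by the sender and is not proof of origin, so the assumed rule does not act on a header match alone.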




