New Welchia behavior?
Rita Seplowitz Saltz
rita at Princeton.EDU
Tue Mar 30 20:02:06 GMT 2004
Suddenly here at Princeton.EDU, we're seeing a lot more Welchia-like
infections, primarily among the student-owned machines.

Our tech clinic says tool/cass4 files (seen in conjunction with
manifest.mf file, apparently) are being tagged as a virus and deleted
on scans. They also, in the last two days, have been seeing a new file
NOT tagged as viral showing up on systems where no other exploits or
viruses were found: navpaw.exe.

Most worrisome of all is the appearance of a Welchia.b type bug on
systems that have been newly imaged, patched and firewalled. Our
clinic expert says, "This seems to point to welchia.b exploiting an
unpatched RPC component, or exploiting some service that we don't know

Anyone else seeing escalated Welchia and/or have insight into these new

Senior Policy Advisor
Office of Information Technology (OIT)
rita at princeton.edu