Re: [SLUG] Stopping W32.Welchia with Linux?

From: Matt Moen (mattlists@younicks.org)
Date: Wed Aug 20 2003 - 11:07:02 EDT


All right. Now /this/ worm is cool!

According to the following:
http://securityresponse.symantec.com/avcenter/venc/data/w32.welchia.worm.html

This worm only replicates itself, and get this, attempts to remove the
W32.Blaster worm, apply Microsoft's security patches, and reboot the
machine (once) to allow the changes to take effect. You don't see that
every day, and you've gotta love it!

Of course it causes massive amounts of ping traffic and whatnot, and
should be killed, but only after it fixes all of your Blaster problems. ;-)

Thus spake Ben Ostrowsky on the 20 day of the 08 month in the year 2003:
> We're getting a silly number of copies of the W32.Welchia worm, and I know there
> are malware-finders that could work with postfix. What do you recommend for
> preventing worm-generated email from making it to the inboxes?

AFAIK, this worm does not send e-mail. Perhaps you're having problems
with a different Win32 worm? There never seems to be a shortage of them.
;-)

>
> I've looked on freshmeat and found that the most popular solutions depend on an
> open antivirus signature project that seems to have released its most recent
> update in 2002.
>
> I'd be willing to buy a subscription from a vendor if the product works well.
> Something like Norton Antivirus added onto MessageWall would be ideal.
>
> Is anyone using MessageWall with the Clam AV database and automating updates?
> I'd rather not write my own script for that...
>
> Ben
> -----------------------------------------------------------------------
> This list is provided as an unmoderated internet service by Networked
> Knowledge Systems (NKS). Views and opinions expressed in messages
> posted are those of the author and do not necessarily reflect the
> official policy or position of NKS or any of its employees.
>

-- 
Matthew Moen

Outlook is as attractive to email viruses as a heap of dead and rotting cows is to a fly. So long as that maggot-filled pile of corpses is there, swatting at the flies isn't going to work.
Alan Bellingham, SDM



This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 17:50:25 EDT