All right. Now /this/ worm is cool!
According to the following:
http://securityresponse.symantec.com/avcenter/venc/data/w32.welchia.worm.html
This worm only replicates itself, and get this, attempts to remove the
W32.Blaster worm, apply Microsoft's security patches, and reboot the
machine (once) to allow the changes to take effect. You don't see that
every day, and you've gotta love it!
Of course it causes massive amounts of ping traffic and whatnot, and
should be killed, but only after it fixes all of your Blaster problems. ;-)
Thus spake Ben Ostrowsky on the 20 day of the 08 month in the year 2003:
> We're getting a silly number of copies of the W32.Welchia worm, and I know there
> are malware-finders that could work with postfix. What do you recommend for
> preventing worm-generated email from making it to the inboxes?
AFAIK, this worm does not send e-mail. Perhaps you're having problems
with a different Win32 worm? There never seem to be a shortage of them.
;-)
>
> I've looked on freshmeat and found that the most popular solutions depend on an
> open antivirus signature project that seems to have released its most recent
> update in 2002.
>
> I'd be willing to buy a subscription from a vendor if the product works well.
> Something like Norton Antivirus added onto MessageWall would be ideal.
>
> Is anyone using MessageWall with the Clam AV database and automating updates?
> I'd rather not write my own script for that...
>
> Ben
> -----------------------------------------------------------------------
> This list is provided as an unmoderated internet service by Networked
> Knowledge Systems (NKS). Views and opinions expressed in messages
> posted are those of the author and do not necessarily reflect the
> official policy or position of NKS or any of its employees.
>
-- Matthew MoenOutlook is as attractive to email viruses as a heap of dead and rotting cows is to a fly. So long as that maggot-filled pile of corpses is there, swatting at the flies isn't going to work. Alan Bellingham, SDM ----------------------------------------------------------------------- This list is provided as an unmoderated internet service by Networked Knowledge Systems (NKS). Views and opinions expressed in messages posted are those of the author and do not necessarily reflect the official policy or position of NKS or any of its employees.
This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 17:50:25 EDT