W32.Welchia.Worm is a worm that exploits multiple vulnerabilities:
- It exploits the DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026) using TCP port 135. The worm specifically targets Windows XP machines using this exploit.
- It exploits the WebDAV vulnerability (described in Microsoft Security Bulletin MS03-007) using TCP port 80. The worm specifically targets machines running Microsoft IIS 5.0 using this exploit.
The worm attempts to download the DCOM RPC patch from Microsoft's Windows Update Web site, install it, and then reboot the computer.
The worm checks for active machines to infect by sending an ICMP echo request (a ping), which results in increased ICMP traffic.
The worm will also attempt to remove W32.Blaster.Worm.
Extracted from:
http://www.symantec.com/avcenter/venc/data/w32.welchia.worm.html