Welchia

Welchia

The Welchia worm, also known as the "Nachia worm," is a computer worm that exploits a vulnerability in the Microsoft Remote procedure call (RPC) service similar to the Blaster worm. However unlike Blaster, it tries to download and install security patches from Microsoft, so it is classified as a helpful worm. Though even as it implies no harm, it can increase network traffic, reboot the infected computer, and more importantly—it operates without consent and does not log anything. It has had several different variants and childworms. It was discovered on August 18, 2003.

This worm infected systems by exploiting vulnerabilities in Microsoft Windows system code (TFTPD.EXE and TCP on ports 666-765, and a buffer overflow of the RPC on port 135). Its method of infection is to create a remote shell and instruct the system to download the worm by TFTPD.EXE. TFTPD is only on certain operating systems, and, without it, the connection fails at this stage. Specifically, the Welchia worm targeted machines running Windows XP.

Once in the system, the worm would patch the vulnerability it used to gain access (thereby actually securing the system against other attempts to exploit the same method of intrusion) and run its payload, a series of Microsoft patches. It then would attempt to remove the "W32/Lovsan.worm.a" by deleting MSBLAST.EXE. If still in the system, the worm was programmed to self-remove on January 1, 2004, or after 120 days of processing, whichever would have come first.

While this worm did no apparent damage to individual systems — indeed, it actually helped to secure certain systems — it did create vast amounts of traffic by its transmission method, thereby slowing down the Internet and the Microsoft website. The worm also made some systems unstable by its workings, and, once the patches had been installed, it rebooted the system. Because of these effects, the worm was perceived as a threat, and a patch was released by all major anti-virus vendors.

See also

Monitor padlock.svg Computer security portal

External links


Wikimedia Foundation. 2010.

Игры ⚽ Поможем сделать НИР

Look at other dictionaries:

  • Welchia — El gusano Welchia, también conocido como Nachia worm , es un gusano informático que explota una vulnerabilidad en los servicios Remote procedure call (RPC) de Microsoft, de una forma similar al worm Blaster. Al contrario que éste, Welchia intenta …   Wikipedia Español

  • Computers and Information Systems — ▪ 2009 Introduction Smartphone: The New Computer.       The market for the smartphone in reality a handheld computer for Web browsing, e mail, music, and video that was integrated with a cellular telephone continued to grow in 2008. According to… …   Universalium

  • Хронология компьютерных вирусов и червей — Здесь приведён хронологический список появления некоторых известных компьютерных вирусов и червей, а также событий, оказавших серьёзное влияние на их развитие. Содержание 1 2012 2 2011 3 2010 4 2009 …   Википедия

  • Helpful worm — A Helpful worm is variant on a computer worm which delivers its payload by doing helpful actions instead of malicious actions. Welchia was a major example of a helpful worm utilizing the same exploit which caused the Blaster worm. Infected… …   Wikipedia

  • Систематика спорообразующих анаэробных бактерий —         В настоящее время имеются три наиболее известные системы классификации анаэробов: Н. А. Красильникова (1949), Берги (1957) и Прево (1957, 1967). По Красильникову, все спорообразующие бактерии объединяются в семейство Васillасеае. Это… …   Биологическая энциклопедия

  • Ping — is a computer network tool used to test whether a particular host is reachable across an IP network; it is also used to self test the network interface card of the computer, or as a speed test. It works by sending ICMP “echo request” packets to… …   Wikipedia

  • Timeline of notable computer viruses and worms — This is a timeline of noteworthy computer viruses and worms.1970 1979Early 1970s* Creeper virus was detected on ARPANET infecting the Tenex operating system. Creeper gained access independently through a modem and copied itself to the remote… …   Wikipedia

  • Victor A. Vyssotsky — Victor A. Vyssotsky, son of the astronomers Alexander N. Vyssotsky and Emma Vyssotsky is a mathematician and computer scientist. He was one of the team member of Multics project. Multics, whilst not particularly commercially successful in itself …   Wikipedia

  • August 20, 2003 — See also August 19, 2003 August 2003 August 21, 2003 * War on Terrorism Canal Hotel: US officials comment terror group linked to al Qaeda, Ansar al Islam, is emerging as a top suspect in the U.N. headquarters bombing in Baghdad. It s part of a… …   Wikipedia

  • Nachi — may refer to: National Association of Certified Home Inspectors A worm affecting Microsoft XP systems, also known as Welchia. A sacred area in Nachikatsuura, Wakayama, Japan. See Kumano Sanzan Nachi, a cruiser of the Imperial Japanese Navy, named …   Wikipedia

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”