This weblog is no longer being maintained. All information here has been ported to EclecticEchoes.com. This site (heupel.com/eclectic) remains only for archival purposes.
The past quarter had response teams dealing with the following:
Well, the last one might as well become the standard sign-off of all future CERT Summaries. Use anti-virus software, keep it updated, keep your OS / applications updated. But wait, what is W32/Welchia? No advisories or vulnerability reports on that that I remember.
Turns out, Welchia was sort of an anti-worm. Using the same exploit as W32/Blaster, it would “infect a system” and “kill and remove the msblast.exe artifact left behind by W32/Blaster, perform ICMP scanning to identify systems to target for exploitation, apply the patch from Microsoft (described in MS03-026), and reboot the system.” Of course there are ethical issues with the whole idea, but it could also potentially cause a DoS, with a bunch of systems all ICMP’ing and downloading the patch, not to mention systems rebooting themselves. Of course someone somewhere is saying “Hey, it sounded good at the time.”