This weblog is no longer being maintained. All information here has been ported to This site ( remains only for archival purposes.

September 08, 2003

CERT Summary - It Sounded Good

CERT has released its quarterly summary– CERT Summary CS-2003-03. No big surprises – except…

The past quarter had response teams dealing with the follwing:

Well the last one might as well become the standard sign off of all future CERT Summaries. Use Anti-virus software, keep it updated, keep your OS / Applications updated. But wait what is W32/Welchia ? No advisories or vulnerability reports on that that I remember. 

Turns out, Welchia was sort of an anti-worm. Using the same exploit as W32/Blaster it would “infect a system” and “kill and remove the msblast.exe artifact left behind by W32/Blaster, perform ICMP scanning to identify systems to target for exploitation, apply the patch from Microsoft (described in MS03 - 026), and reboot the system.” Of course there are ethical issues with the whole idea, but it also could potentially cause DOS as a bunch of systems all ICMP’ing, and downloading the patch– not to mention systems rebooting themselves. Of course someone somewhere is saying “Hey it sounded good at the time.”

Posted by Eric at September 8, 2003 06:08 PM | TrackBack
Comments & Trackbacks