Nachi or W32.Welchia.Worm exploits DCOM RPC and WebDav vulnerabilities
Posted: 10:43:11, Saturday, Aug 23, 2003 Expiration: 19:00:00, Friday, Aug 29, 2003
Nachi or W32.Welchia.Worm exploits DCOM vulnerability using TCP port 135 and WebDav vulnerability using TCP port 80.
Norton/Symantec Antivirus definitions dated 8/18/2003 can detect W32.Welchia.Worm.
Symantec also provides a removal tool that will clean W32.Welchia.Worm off an infected system.
For details and solutions, please see Help Desk knowledgebase document 2174.
-- Chris Mayeshiba, DoIT Help Desk
Created: 10:43:11, Saturday, Aug 23, 2003 (by WWANG4)
Updated: 11:05:06, Saturday, Aug 23, 2003 (by WWANG4)