TA的每日心情 | 慵懒
2013-8-17 22:19 |
|---|
签到天数: 16 天 [LV.4]偶尔看看III
|
symantec首页就是它 恭喜~~~~~~~~
http://www.symantec.com/region/cn/
As of February 13, 2004, due to an increased rate of submissions, Symantec Security Response has upgraded this threat to a Category 3 from a Category 2.
W32.Welchia.B.Worm is a variant of W32.Welchia.Worm. If the version of the operating system of the infected machine is Chinese, Korean, or English, the worm will attempt to download the Microsoft Workstation Service Buffer Overrun and Microsoft Messenger Service Buffer Overrun patches from the Microsoft® Windows Update Web site, install it, and then restart the computer.
The worm also attempts to remove the W32.Mydoom.A@mm and W32.Mydoom.B@mm worms.
W32.Welchia.B.Worm exploits multiple vulnerabilities, including:
The DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026) using TCP port 135. The worm specifically targets Windows XP machines using this exploit.
The WebDav vulnerability (described in Microsoft Security Bulletin MS03-007) using TCP port 80. The worm specifically targets machines running Microsoft IIS 5.0 using this exploit. The worm's use of this exploit will impact Windows 2000 systems and may impact Windows NT/XP systems.
The Workstation service buffer overrun vulnerability (described in Microsoft Security Bulletin MS03-049) using TCP port 445.
The Locator service vulnerability using TCP port 445 (described in Microsoft Security Bulletin MS03-001). The worm specifically targets Windows 2000 machines using this exploit.
The presence of the file, %Windir%\system32\drivers\svchost.exe, is an indication of a possible infection.
This threat is compressed with UPX.
去update一下 打上补丁
 |
|
|
|
|
|
|
|
|
|
发表于 2004-2-18 17:40:32
以前从没中过这个毒,rpc补丁也都打好了
QQ好友和群
QQ空间
腾讯微博
腾讯朋友
收藏
转播
淘帖
支持
反对
变色卡
楼主
