Symantec security response upgrades W32.Welchia.Worm to level four threat
Symantec, the world leader in Internet security, today announced that it has upgraded the W32.Welchia.Worm from a level two to a level four threat. Symantec is receiving reports of severe disruptions on the internal networks of large enterprises caused by ICMP flooding related to the propagation of the W32.Welchia.Worm. In some cases enterprise users have been unable to access critical network resources.
"Despite its original intent, the W32.Welchia.Worm is an insidious worm that is preventing IT administrators from cleaning up after the W32.Blaster.Worm," said Patrick Evans, regional manager for Africa at Symantec. "The worm is swamping network systems with traffic and causing denial-of-service to critical servers within organisations."
W32.Welchia.Worm targets computers infected with the W32.Blaster.Worm. Once on a system, W32.Welchia.Worm deletes msblast.exe, attempts to download the DCOM RPC patch from Microsoft's Windows Update Web site, installs the patch, and then reboots the computer. The worm checks for active machines to infect by sending an ICMP echo, or PING, which may result in significantly increased ICMP traffic. ICMP is the TCP/IP protocol used to send Internet control messages.
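The ICMP echo sweep described above stands out in flow data because one internal source pings many different addresses in a short time. The following is an added example, not part of Symantec's announcement, showing one way to flag such sources. The record format (`timestamp src dst icmp_type`), the addresses, the window and the threshold are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque

ECHO_REQUEST = 8  # ICMP type of an echo request (ping)

def find_ping_sweepers(lines, window=10.0, min_targets=20):
    """Return {src: peak distinct echo-request targets} for every source
    that pings at least min_targets hosts within `window` seconds.
    Records must be in time order: 'timestamp src dst icmp_type'."""
    recent = defaultdict(deque)  # src -> (ts, dst) pairs still in the window
    flagged = {}
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # malformed record
        try:
            ts, icmp_type = float(parts[0]), int(parts[3])
        except ValueError:
            continue
        if icmp_type != ECHO_REQUEST:
            continue  # replies and other ICMP types are not the sweep
        src, dst = parts[1], parts[2]
        q = recent[src]
        q.append((ts, dst))
        while q and ts - q[0][0] > window:
            q.popleft()  # drop pings that fell out of the window
        targets = len({d for _, d in q})
        if targets >= min_targets:
            flagged[src] = max(flagged.get(src, 0), targets)
    return flagged

def sample_records():
    """Constructed sample data, not captured traffic."""
    recs = []
    for i in range(1, 41):  # one host sweeping 40 neighbours in 4 seconds
        recs.append(f"{1000 + i * 0.1:.1f} 10.1.5.23 10.1.5.{i} 8")
    for i in range(40):     # monitoring host pinging a single gateway
        recs.append(f"{1000 + i * 0.1:.1f} 10.1.9.9 10.1.0.1 8")
    for i in range(1, 6):   # echo replies coming back to the sweeper
        recs.append(f"{1000 + i * 0.1:.1f} 10.1.5.{i} 10.1.5.23 0")
    recs.sort(key=lambda r: float(r.split()[0]))
    recs.append("truncated record")  # malformed line is skipped
    return recs

if __name__ == "__main__":
    for src, n in find_ping_sweepers(sample_records()).items():
        print(f"{src} sent echo requests to {n} distinct hosts")
```

Counting distinct destinations rather than raw packets keeps a monitoring host that pings one gateway repeatedly from being flagged alongside the sweeping host.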