The “Cure” Causes More Trouble Than The Illness

The virus known as Welchia is a derivative of the Lovesan worm virus that spreads via the Internet to computers running Microsoft operating systems that have not been patched for the DCOM RPC vulnerability. Microsoft made the patch available on July 16, 2003.

Welchia is a sort of “anti-virus virus”, but this does not mean it is a good thing. In fact, in this case the cure, ‘Welchia’, has been more problematic than the pest its creator(s) set out to stop, ‘Lovesan’.

Welchia attempts to protect vulnerable computers by identifying those without the DCOM RPC patch and downloading it from Microsoft. Despite any potential good intentions the network traffic soaked up by Welchia caused Air Canada’s ticketing system to fail. Welchia is also attributed with bringing down the railway signaling system of CSX Corp., causing delays and cancellations throughout the eastern U.S.

Welchia my not be as widely distributed as Lovesan, but it is a more technically advanced virus and is responsible for more total Internet traffic. Welchia, at one point last week had even been reported to be behind a few Internet backbone “performance issues”.

The only way to stop Welchia and Lovesan is to get all computers patched against the DCOM RPC vulnerability.