I know this is on the front page and also convered by Enyo above - but I did receive automatic liveupdates last night on
both of these (unuusual as normally liveupdates occur on Wed unless something heavy is going down)
1. Level 4 Virus Alert! W32.Welchia.Worm
Due to an increase in submissions, Symantec Security Response has upgraded
W32.Welchia.Worm to Category 4, as of 6:00pm Monday, August 18, 2003.
The worm attempts to download the DCOM RPC patch from Microsoft's Windows
Update Web site, install it, and then reboot the computer. The worm checks
for active machines to infect by sending an ICMP echo, or PING, which will
results in increased ICMP traffic.
The worm will also attempt to remove W32.Blaster.Worm.
Definitions dated August 18, 2003 will detect the W32.Welchia.Worm. Run
LiveUpdate or download the Intelligent Updater virus definitions at
http://securityresponse.symantec.com/avcenter/defs.download.html
Also Known As: W32/Welchia.worm10240 [AhnLab], W32/Nachi.worm [McAfee],
WORM_MSBLAST.D [Trend], Lovsan.D [F-Secure]
Type: Worm
Infection Length: 10,240 bytes
Systems Affected: Windows 2000, Windows XP
Systems Not Affected: Linux, Macintosh, OS/2, UNIX
CVE References: CAN-2003-0109, CAN-2003-0352
For additional information, visit the following Internet address:
http://securityresponse.symantec.com/avcenter/venc/data/w32.welchia.worm.html
_____________________________
2. Level 3 Virus Alert! W32.Dumaru@mm
W32.Dumaru@mm is a mass-mailing worm that drops an IRC Trojan onto the
infected machine. The worm gathers email addresses from certain file types
and uses its own SMTP engine to email itself.
Definitions dated August 18, 2003 will detect the W32.Welchia.Worm. Run
LiveUpdate or download the Intelligent Updater virus definitions at
http://securityresponse.symantec.com/avcenter/defs.download.html
The email has the following characteristics:
From: "Microsoft" <security@microsoft.com>
Subject: Use this patch immediately !
Message:
Dear friend , use this Internet Explorer patch now!
There are dangerous virus in the Internet now!
More than 500.000 already infected!
Attachment: patch.exe
This threat is written in the Microsoft C++ programming language and is
compressed with UPX.
Type: Worm
Infection Length: 9,216
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me,
Windows NT, Windows XP
Systems Not Affected: Linux, Macintosh, OS/2, UNIX
For additional information, visit the following Internet address:
http://securityresponse.symantec.com/avcenter/venc/data/w32.dumaru@mm.html