Welchi Worm Attacks Blaster

The Welchi worm targets the original Blaster worm, removing it, and then patching the system's RPC/DCOM flaw to prevent further attack. However, this unsolicited patching spontaneously reboots the system, causing a Denial of Service (DoS). Further, the worm is not without flaws and may leave the system vulnerable to further compromise, thus its "noble" act of patching is far from desirable. Though functionally similar to Blaster, security vendors disagree on whether this is a variant of the original MSBlast/Lovsan worm or an entirely new worm warranting a new name. As such, Welchi is also called Nachi-A and MSBlast.D.
Full Story | Blaster resources | How to disable DCOM