There are a couple worms out there now that attempt to connect to infected machines of the particular virus/trojan its programmed to look for and try to remove it.
 
Welchia was a worm that caused more traffic than the offender or at least as much traffic making it as bad on internet traffic as the blaster worm it was sent to fix.
 
There is now a version of it that looks for mydoom.a infected machines as well.
 
Carl
 
----- Original Message -----
Sent: Monday, February 16, 2004 1:49 PM
Subject: [Clamav-users] W32.Welchia.Worm

Hi, Everyone!
 
    I've just read about this worm at Symantec site....
   
    Could this be considered a "well-intended" virus?!?!
 
    OK, it does some damage..... like installing a small web server and overwriting html files for a screwed up page....
 
    But after all, it does install some fixes and tries to remove the worms MyDoom.A and MyDoom.B!!
 
    OK, no one can go into a PC and install anything without permission! That's not my point.
 
    My point is that I've never seen a worm doing this kind of stuff! Ok, I have only 3 years of experience, but in my particular experience I've never seen a worm trying to apply patches and removing other bugs!!
    Has anyone?
    What do you think about it?
 
    Well, that's the discussion I'm trying to bring to this forum.
    Any post is welcome.
 
 
Patrícia Viana
Net Admin
Eletrobolt Power Plant - Rio de Janeiro - BRAZIL
 
   

Reply via email to