1. /
  2. Security Response/
  3. W32.Wecorl

W32.Wecorl

Risk Level 1: Very Low

Discovered:
November 2, 2008
Updated:
November 4, 2008 10:03:42 AM
Also Known As:
W32/Wecorl [McAfee], WORM_WECORL.A [Trend]
Type:
Worm
Infection Length:
Varies
Systems Affected:
Windows 2000, Windows Server 2003, Windows XP
CVE References:
CVE-2008-4250
W32.Wecorl is a worm that spreads by exploiting the Microsoft Windows Server Service RPC Handling Remote Code Execution Vulnerability (BID 31874).


Antivirus Protection Dates

  • Initial Rapid Release version pending
  • Latest Rapid Release version September 28, 2010 revision 054
  • Initial Daily Certified version November 3, 2008 revision 025
  • Latest Daily Certified version September 28, 2010 revision 036
  • Initial Weekly Certified release date November 5, 2008
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

Threat Assessment

Wild

  • Wild Level: Low
  • Number of Infections: 0 - 49
  • Number of Sites: 0 - 2
  • Geographical Distribution: Low
  • Threat Containment: Easy
  • Removal: Easy

Damage

  • Damage Level: Low
  • Modifies Files: Modifies Svchost.exe

Distribution

  • Distribution Level: Low
  • Ports: TCP 139
Writeup By: Kaoru Hayashi

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report
Symantec DeepSight Screensaver