||||
Symantec.com > Security Response > Threats and Risks > W32.Wecorl
PRINT THIS PAGE

W32.Wecorl

Risk Level 1: Very Low

Printer Friendly Page

Discovered: November 2, 2008
Updated: November 4, 2008 10:03:42 AM
Also Known As: W32/Wecorl [McAfee], WORM_WECORL.A [Trend]
Type: Worm
Infection Length: Varies
Systems Affected: Windows XP, Windows Server 2003, Windows 2000
CVE References: CVE-2008-4250

W32.Wecorl is a worm that spreads by exploiting the Microsoft Windows Server Service RPC Handling Remote Code Execution Vulnerability (BID 31874).

Protection

  • Initial Rapid Release version pending
  • Latest Rapid Release version February 20, 2009 revision 032
  • Initial Daily Certified version November 3, 2008 revision 025
  • Latest Daily Certified version February 20, 2009 revision 048
  • Initial Weekly Certified release date November 5, 2008

Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

Threat Assessment

Wild

  • Wild Level: Low
  • Number of Infections: 0 - 49
  • Number of Sites: 0 - 2
  • Geographical Distribution: Low
  • Threat Containment: Easy
  • Removal: Easy

Damage

  • Damage Level: Low
  • Modifies Files: Modifies Svchost.exe

Distribution

  • Distribution Level: Low
  • Ports: TCP 139

Writeup By: Kaoru Hayashi
Search by name
Example: W32.Beagle.AG@mm
Learn more about Zero-Day / Operation Aurora / Hydraq
Symantec DeepSight Screensaver
©1995 - 2010 Symantec Corporation
Site Map|
Legal Notices|
Privacy Policy|
|
Contact Us|
Global Sites|
License Agreements|
RSS