1. Symantec/
  2. Security Response/
  3. W32.Francette.Worm


Risk Level 1: Very Low

November 17, 2003
February 13, 2007 12:13:59 PM
Also Known As:
Worm.Win32.Francette.a [Kasper, W32/Tumbi.worm [McAfee]
Systems Affected:
CVE References:
CVE-2000-0884 CAN-2003-0352

W32.Francette.Worm is a worm that exploits the DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026) using TCP port 135, as well as the Microsoft IIS Web Server Folder Traversal vulnerability (described in Microsoft Security Bulletin MS00-078). The existence of the file syshost.exe is an indication of a possible infection.

This worm is written in Borland Delphi and is packed with ASPack.

Antivirus Protection Dates

  • Initial Rapid Release version November 18, 2003
  • Latest Rapid Release version October 17, 2017 revision 037
  • Initial Daily Certified version November 18, 2003
  • Latest Daily Certified version October 18, 2017 revision 006
  • Initial Weekly Certified release date November 19, 2003
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.
Writeup By: Scott Gettis

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
2016 Internet Security Threat Report, Volume 21
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube