As the old saying goes, two wrongs don’t make a right — especially if the second “wrong” is a computer worm, albeit a benevolent one.

In August 2003, hundreds of thousands of PCs were infected by the Blaster worm, which caused computers to reboot every 60 seconds. As Microsoft worked to halt the spread of Blaster, so did the Robin Hood-esque creator of the Welchia worm. 

An example of a “nematode” worm, or a computer worm that aims to do good, Welchia targeted the Windows 2000 and Windows XP operating systems, infecting computers already infected by Blaster. Once installed, Welchia used the same Remote Procedure Call (RPC) DCOM vulnerability as Blaster to download a security patch from the Microsoft website. It then removed the Blaster worm from the computer system and was programmed to delete itself as of Jan. 1, 2004.

Good intentions, bad results

Sounds OK — until you realize how much network traffic Welchia (also known as Nachi or MSBlast.D) created. Welchia used an ICMP echo or PING to search networks for Blaster-infected machines to fix.

Welchia only worked on the English, Korean and Chinese versions of Windows. Also, Welchia did attempt to alter a computer without a user’s permission or knowledge.

The Navy’s unclassified computer system was reportedly hit by Welchia Aug. 18, 2003, affecting email, Internet, and server access. The State Department’s visa processing system was also hit by Welchia, as were Lockheed Martin and Air Canada.

Subscribe to SmaterMSP

Photo:  Skorzewiak / Shutterstock.

Kate Johanns

Posted by Kate Johanns

Kate Johanns is a communications professional and freelance writer with more than 13 years of experience in publishing and marketing.

Leave a reply

Your email address will not be published. Required fields are marked *