August 2003 was already challenging for network administrators. They were busy fending off the Blaster worm, whose payload caused computers to reboot every 60 seconds, so initially they may have reacted positively to news of the Welkin worm. Welkin was a “nematode,” or a “white hat” worm, designed to eradicate Blaster. However, it wore out its welcome quickly—as you’ll learn in this edition of Tech Time Warp.
It infected those computers already stricken with Blaster and running the English, Korean, and Chinese versions of the Windows 2000 and Windows XP operating systems. Once installed on a Blaster-infected machine, Welkin would “exploit” the same Remote Procedure Call (RPC) DCOM vulnerability as Blaster to download a Microsoft security patch. Then, Welkin removed the Blaster worm and scheduled itself to be deleted as of Jan. 1, 2004.
Alas, this nematode had one major problem. It caused a humongous amount of network traffic by using an ICMP echo or PING to search for Blaster-infected machines it could fix—so much traffic, in fact, that it shut down the Navy’s unclassified computer system on Aug. 18, 2003, interrupting email, internet, and server access. Interestingly, the Navy hadn’t even been infected by Blaster. Welkin also disrupted visa processing at the State Department and forced Air Canada to manually check in passengers.
Did you enjoy this installation of SmarterMSP’s Tech Time Warp? Check out others here.
Photo: gorodenkoff / Shutterstock
