
Welchia, the story of the worm that cleaned your computer

We tend to associate viruses and malware with threats to our security, but there are viruses that try to help us: we introduce you to the beneficial worms.

Once it gets into our computer, any malware can wreak havoc on everything we can think of: from our personal images to our work, our bank details or our user accounts. Now the biggest threat is ransomware, which asks for a ransom to regain access to our data, but before that we also encountered all kinds of threats, including worms, Trojan horses and various viruses.

However, not all viruses have malicious intent or are trying to play a joke on us: there are computer viruses created with the intention of repairing the damage caused by another virus with worse intentions, and today we present to you Welchia, the worm that was born to fight Blaster.

Blaster and Welchia, the worm that fights another worm


Surely many of you will remember Blaster (also known as Lovsan), a network worm that was discovered in August 2013 and that took advantage of a vulnerability in the DCOM of Windows XP and Windows 2000 to infect other systems. The worm's objective was to start flooding windowsupdate.com with requests on a specific day, in order to cause a DDoS attack on the Microsoft update service. The author had a bad time because redirects to, so the Redmond company only had to temporarily close the first one to minimize its effects. In certain operating systems it also caused instability, making it impossible to work with the computer.

The thing is, this worm caused various computer networks to crash, leaving a multitude of victims along the way: the U.S. Marines intranet was affected, the Canadian Air check-in system was turned off, and the networks of BMW and TeliaSonera did not function normally. Microsoft estimates that the number of computers affected is between 8 and 16 million, so it was a virus that had remarkable success. And this is where Welchia, the main worm in this article, appears.

Welchia, also known as Nachia, exploited a vulnerability very similar to the one Blaster used to break into infected computers. However, its author did not intend to do any harm to its users: the first thing this worm did was look for the presence of Blaster in the operating system and, if it was present, remove it completely. Afterwards, it installed the necessary Microsoft patches to prevent Blaster from entering the system again, restarted the computer and even uninstalled itself from the system only 120 days later.

I want my wife and daughter

Welcome Chian

Notice: I delete myself in 2004

Sorry zhongli

A glance at the Welchia code reveals the text shown just above. However, the good intentions of its creator did not sit well with everyone: the fact that it came from an unknown source and ran without user permission, its high consumption of resources and traffic, and the unexpected reboots it caused earned it hatred in some sectors, and companies like Microsoft or Symantec marked it as a threat at the Blaster level. Most antiviruses today consider it a variant of the original Blaster because it uses similar propagation methods.

Beneficial worms, for or against?

Welchia is not the only computer virus created for the purpose of countering a malicious threat. Reaper was born to hunt down Creeper, Denzuko had Brain (the first virus for IBM PCs) as a target, and even a variant of Welchia was created to fight Mydoom. There are also viruses that erase other viruses to introduce a different one that also performs malicious activity, although that's another story.

In any case, being beneficial has not spared them from controversy among computer security experts: despite not performing any malicious activity, such a worm remains code that runs on a device without the express authorization of the user. In addition, as in the case of Welchia, it can cause harmful side effects: it drives network traffic up to its limit and can keep the computer from fulfilling its original purpose.