Jump to content

Witty (computer worm): Difference between revisions

From Wikipedia, the free encyclopedia
Content deleted Content added
m Reverted 1 edit by 67.82.232.133 identified as vandalism to last revision by Shalom. (TW)
Line 10: Line 10:
Once Witty infects a computer by exploiting a vulnerability in the ISS software packages (RealSecure Network, RealSecure Server Sensor, RealSecure Desktop, and BlackICE), it attempts to infect other computers using the same vulnerability.
Once Witty infects a computer by exploiting a vulnerability in the ISS software packages (RealSecure Network, RealSecure Server Sensor, RealSecure Desktop, and BlackICE), it attempts to infect other computers using the same vulnerability.


Witty launches these attacks as fast as possible, attacking random [[IP address]]es as quickly as allowed by the computer's Internet connection. It repeats these attacks in groups of 20,000, alternately launching attacks and overwriting sections of the computer's [[Hard disk|hard disk(s)]].
Witty launches these attacks as fast as possible, attacking pseudo-random subset of [[IP address]]es as quickly as allowed by the computer's Internet connection. It repeats these attacks in groups of 20,000, alternately launching attacks and overwriting sections of the computer's [[Hard disk|hard disk(s)]].


==References==
==References==

Revision as of 06:46, 6 May 2008

The Witty worm is a computer worm that attacks the firewall and other computer security products written by a particular company, Internet Security Systems (ISS). It was the first worm to take advantage of vulnerabilities in the very pieces of software designed to enhance network security, and carried a destructive payload, unlike previous worms. It is so named because the phrase "(^.^) insert witty message here (^.^)" appears in the worm's payload.

The Witty worm incident was unique in that the worm spread very rapidly after announcement of the ISS vulnerability (a day later), and infected a much smaller and presumably harder-to-infect (because the administrators had taken security measures) host population than previous worms.

Propagation

On 19 March 2004, the 'Witty' worm began infecting hosts connected to the Internet (and running the vulnerable ISS software) from a "seed" population, probably of previously compromised computers. Within a half-hour it infected 12,000 computers and was generating 90 Gb/s (gigabits per second) of UDP traffic.

Effect of worm

Once Witty infects a computer by exploiting a vulnerability in the ISS software packages (RealSecure Network, RealSecure Server Sensor, RealSecure Desktop, and BlackICE), it attempts to infect other computers using the same vulnerability.

Witty launches these attacks as fast as possible, attacking pseudo-random subset of IP addresses as quickly as allowed by the computer's Internet connection. It repeats these attacks in groups of 20,000, alternately launching attacks and overwriting sections of the computer's hard disk(s).

References