Witty Worm
The Witty worm was a computer worm that attacked the firewall and other computer security products written by a particular company, Internet Security Systems (ISS), now IBM Internet Security Systems. It was the first worm to take advantage of vulnerabilities in the very pieces of software designed to enhance network security, and carried a destructive payload, unlike previous worms. It is so named because the phrase "(^.^) insert witty message here (^.^)" appears in the worm's payload. The Witty worm incident was unique in that the worm spread very rapidly after the announcement of the ISS vulnerability (a day later), and infected a much smaller and presumably harder-to-infect host population than previous worms (harder to infect because the administrators had taken security measures).


Propagation

On March 19, 2004, the 'Witty' worm began infecting hosts connected to the Internet (and running the vulnerable ISS software) without any seed population. Within a half-hour it infected 12,000 computers and was generating 90 Gbit/s (gigabits per second) of UDP traffic.


Effect of worm

Once Witty infects a computer by exploiting a vulnerability in the ISS software packages (RealSecure Network, RealSecure Server Sensor, RealSecure Desktop, and BlackICE), it attempts to infect other computers using the same vulnerability. Witty launches these attacks as fast as possible, attacking a pseudo-random subset of IP addresses as quickly as allowed by the computer's Internet connection. It repeats these attacks in groups of 20,000, alternately launching attacks and overwriting sections of the computer's hard disk(s).
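The behaviour described above (one host sending UDP to a large, scattered set of addresses as fast as its link allows) is what a fan-out detector on flow records looks for. The following is an added example, not part of the original article: the flow records are constructed, and the one-second window and 50-destination threshold are illustrative assumptions rather than measured Witty values.

```python
from collections import defaultdict, deque

def build_sample_flows():
    """Constructed flow records: (time_ms, src_ip, dst_ip, protocol)."""
    flows = []
    for i in range(12):      # resolver-style client: two destinations, repeated
        flows.append((i * 5000, "10.0.0.5", f"10.0.0.{53 + i % 2}", "udp"))
    for i in range(60):      # slow client: 60 destinations, but one per second
        flows.append((i * 1000, "10.0.0.7", f"192.0.2.{i + 1}", "udp"))
    for i in range(500):     # scanner: a new scattered address every 10 ms
        dst = f"198.{18 + i % 2}.{(i * 101) % 256}.{i % 254 + 1}"
        flows.append((20000 + i * 10, "10.0.0.99", dst, "udp"))
    return sorted(flows)

def detect_udp_fanout(flows, window_ms=1000, max_distinct=50):
    """Return {src: time_ms of first alert} for sources that send UDP to more
    than max_distinct different destinations within any window_ms span."""
    recent = defaultdict(deque)                        # src -> (time_ms, dst) in window
    in_window = defaultdict(lambda: defaultdict(int))  # src -> dst -> packet count
    alerts = {}
    for ts, src, dst, proto in flows:
        if proto != "udp" or src in alerts:
            continue
        queue, counts = recent[src], in_window[src]
        queue.append((ts, dst))
        counts[dst] += 1
        # Expire records that have fallen out of the sliding window.
        while queue[0][0] <= ts - window_ms:
            _, old_dst = queue.popleft()
            counts[old_dst] -= 1
            if counts[old_dst] == 0:
                del counts[old_dst]
        if len(counts) > max_distinct:
            alerts[src] = ts
    return alerts

if __name__ == "__main__":
    for src, ts in detect_udp_fanout(build_sample_flows()).items():
        print(f"{src} exceeded UDP fan-out threshold at t={ts} ms")
```

The slow client contacts more destinations in total than the threshold but is never flagged, because the count is taken per sliding window rather than over the whole capture.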


External links




* Analysis of the worm propagation by CAIDA (Cooperative Association for Internet Data Analysis)
* Slashdot article