Witty (computer worm)

Witty (computer worm)

The Witty worm is a computer worm that attacks the firewall and other computer security products written by a particular company, Internet Security Systems (ISS). It was the first worm to take advantage of vulnerabilities in the very pieces of software designed to enhance network security, and carried a destructive payload, unlike previous worms. It is so named because the phrase "(^.^) insert witty message here (^.^)" appears in the worm's payload.

The Witty worm incident was unique in that the worm spread very rapidly after announcement of the ISS vulnerability (a day later), and infected a much smaller and presumably harder-to-infect (because the administrators had taken security measures) host population than previous worms.

Propagation

On 19 March 2004, the 'Witty' worm began infecting hosts connected to the Internet (and running the vulnerable ISS software) from a "seed" population, probably of previously compromised computers. Within a half-hour it infected 12,000 computers and was generating 90 Gb/s (gigabits per second) of UDP traffic.

Effect of worm

Once Witty infects a computer by exploiting a vulnerability in the ISS software packages (RealSecure Network, RealSecure Server Sensor, RealSecure Desktop, and BlackICE), it attempts to infect other computers using the same vulnerability.

Witty launches these attacks as fast as possible, attacking a pseudo-random subset of IP addresses as quickly as allowed by the computer's Internet connection. It repeats these attacks in groups of 20,000, alternately launching attacks and overwriting sections of the computer's hard disk(s).

References

*Shannon, Colleen and David Moore (2004). [http://www.caida.org/analysis/security/witty/ "The Spread of the Witty Worm"] . (Last updated June 21, 2005; Retrieved 14 November 2005.)
*Abhishek Kumar, Vern Paxson and Nicholas Weaver (2005). [http://www.cc.gatech.edu/~akumar/witty.html "Outwitting the Witty worm"] . (Last updated May 24, 2005; Retrieved 2 February 2006.)

External links

* [http://www.eeye.com/html/Research/Advisories/AD20040318.html ISS vulnerability announcement]
* [http://www.lurhq.com/witty.html Witty Worm Analysis]
* [http://www.caida.org/analysis/security/witty/ Analysis of the worm propagation by CAIDA]
* [http://slashdot.org/articles/04/03/21/0023254.shtml Slashdot article]


Wikimedia Foundation. 2010.

Игры ⚽ Нужна курсовая?

Look at other dictionaries:

  • Witty-Wurm — Der Witty Wurm ist ein Computerwurm, der sich ab dem 19. März 2004 im Internet verbreitete, mittlerweile aber nicht mehr in the wild vorzukommen scheint. Der Wurm ist auch unter dem Namen Blackworm bekannt. In Malware Datenbanken ist er meist… …   Deutsch Wikipedia

  • Timeline of computer viruses and worms — Contents 1 1960–1969 1.1 1966 2 1970–1979 2.1 1 …   Wikipedia

  • Timeline of notable computer viruses and worms — This is a timeline of noteworthy computer viruses and worms.1970 1979Early 1970s* Creeper virus was detected on ARPANET infecting the Tenex operating system. Creeper gained access independently through a modem and copied itself to the remote… …   Wikipedia

  • Хронология компьютерных вирусов и червей — Здесь приведён хронологический список появления некоторых известных компьютерных вирусов и червей, а также событий, оказавших серьёзное влияние на их развитие. Содержание 1 2012 2 2011 3 2010 4 2009 …   Википедия

  • Cell (novel) — Cell   …   Wikipedia

  • literature — /lit euhr euh cheuhr, choor , li treuh /, n. 1. writings in which expression and form, in connection with ideas of permanent and universal interest, are characteristic or essential features, as poetry, novels, history, biography, and essays. 2.… …   Universalium

  • Computerwurm — Ein Computerwurm (im Computerkontext kurz Wurm) ist ein Computerprogramm oder Skript mit der Eigenschaft, sich selbst zu vervielfältigen, nachdem es ausgeführt wurde.[1] In Abgrenzung zum Computervirus verbreitet sich der Wurm, ohne fremde… …   Deutsch Wikipedia

  • Stack buffer overflow — In software, a stack buffer overflow occurs when a program writes to a memory address on the program s call stack outside of the intended data structure; usually a fixed length buffer.cite web last = Fithen first = William L coauthors = Seacord,… …   Wikipedia

  • Richard Mitchell — Dr. Richard Mitchell (April 26, 1929 ndash; December 27, 2002) was a professor, first of English and later of classics, [Sources are unclear on this subject. See the section Life for details.] at Glassboro State College in Glassboro, New Jersey.… …   Wikipedia

  • Silhouette Mirage — Infobox VG| title = Silhouette Mirage developer = Treasure Co. Ltd publisher =vgrelease|Japan|JPN|ESP designer = Koichi Kimura (producer), Masaki Ukyo (director) engine = released =Saturn vgrelease|Japan|JPN|September 10, 1997 PlayStation… …   Wikipedia

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”