Witty attacks your firewall and destroys your data

Monday, 22 March 2004, 12:46 PM EST

A new worm that, ironically, makes sport of Win-32 systems defended by BlackIce and RealSecure firewall products from Internet Security Systems (ISS) began circulating Saturday.

The worm, dubbed 'witty,' is memory-resident only and propagates via UDP port 4000, and possibly others. While occupied with reproducing itself, it overwrites data on the local hard disk(s), and can render a machine un-bootable if it corrupts the master boot record or partition table, or file allocation tables.

The worm is exceptionally vicious by current standards and implies the presence of a highly motivated spoil-sport, such as a disgtruntled former employee, an envious competitor, or a monumentally dissatisfied customer. Or it could just be a cool bit of retro coding.

By Thomas C Greene at The Register.

[ Read more ]

Related items




Spotlight

The synergy of hackers and tools at the Black Hat Arsenal

Posted on 27 August 2014.  |  Tucked away from the glamour of the vendor booths and the large presentation rooms filled with rockstar sessions, was the Arsenal - a place where developers were able to present their security tools and grow their community.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Mon, Sep 1st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //