Witty attacks your firewall and destroys your data
A new worm that, ironically, makes sport of Win-32 systems defended by BlackIce and RealSecure firewall products from Internet Security Systems (ISS) began circulating Saturday.
The worm, dubbed 'witty,' is memory-resident only and propagates via UDP port 4000, and possibly others. While occupied with reproducing itself, it overwrites data on the local hard disk(s), and can render a machine un-bootable if it corrupts the master boot record or partition table, or file allocation tables.
The worm is exceptionally vicious by current standards and implies the presence of a highly motivated spoil-sport, such as a disgtruntled former employee, an envious competitor, or a monumentally dissatisfied customer. Or it could just be a cool bit of retro coding.
By Thomas C Greene at The Register.
[ Read more ]
- Review: Personal Firewalls for Administrators and Remote Users (13 March 2003)
- Review: Firewalls and Internet Security: Repelling the Wily Hacker 2/e (30 January 2003)