Witty attacks your firewall and destroys your data

Monday, 22 March 2004, 12:46 PM EST

A new worm that, ironically, makes sport of Win-32 systems defended by BlackIce and RealSecure firewall products from Internet Security Systems (ISS) began circulating Saturday.

The worm, dubbed 'witty,' is memory-resident only and propagates via UDP port 4000, and possibly others. While occupied with reproducing itself, it overwrites data on the local hard disk(s), and can render a machine un-bootable if it corrupts the master boot record or partition table, or file allocation tables.

The worm is exceptionally vicious by current standards and implies the presence of a highly motivated spoil-sport, such as a disgtruntled former employee, an envious competitor, or a monumentally dissatisfied customer. Or it could just be a cool bit of retro coding.

By Thomas C Greene at The Register.

[ Read more ]

Related items




Spotlight

Hope is not a strategy, we need more healthy paranoia

35 percent of security experts believe leadership within their organization lacks a healthy paranoia, with 21 percent of leadership "relying on hope as a strategy" to avoid a cyber security breach.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  
DON'T
MISS

Mon, Aug 31st
    COPYRIGHT 1998-2015 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //