Domain Registration Related News
Witty Worm Targets Black Ice, Disables
Machines
March 2004
A Slammer-like worm dubbed Witty is spreading,
generating large amounts of network traffic and
leaving ruined computers in its wake.
The worm, which appeared overnight Friday,
exploits a weakness in the widely-used Black Ice
security products, and is not detected by
antivirus software, as it resides in memory. When
an infected system is rebooted, Witty deletes a
randomly chosen section of the hard drive,
rendering some machines unusable.
The Internet Storm Center raised its incident
alert level to yellow, and advised that vulnerable
systems be taken off the network. "Disconnect
systems running BlackIce as soon as possible,"
said the advisory at the ISC, run by the SANS
Institute. Symantec also advised that network
admins disconnect machines running Black Ice.
Infected hosts will send large amounts of UDP
traffic, typically saturating a local network
connection, according to SANS. The traffic
originates from port 4000, with earlier reports of
alternate source ports now being discounted.
|