Witty

The Witty worm is a computer worm that spreads on computers running the security-oriented software from Internet Security Systems [1], and propagates through the Internet directly connecting to vulnerable systems. The worm carries a destructive payload and will randomly delete a section of the hard drive of infected systems.

The Witty worm exploits a stack-based buffer overflow to infect the computer running the vulnerable software. The vulnerability it uses was named CAN-2004-0362 [2]. It was the first worm to propagate using a target of known vulnerable systems and also the worm that holds the record for being developed fastest, as there was only one day from advisory to release. Since it targeted security software, users running a properly configured firewall would be infected as the vulnerability was in the firewall software itself. Intrusion detection systems were also affected. After 45 minutes, the worm had already infected most of the (estimated) 12,000 computers vulnerable to it.

See also: Timeline of notable computer viruses and worms

External links

• eEye's Advisory of the vulnerable component used by the worm
• Analysis of the worm propagation by CAIDA
• Slashdot article