ALERT

[FREE DEMO] Deploy Your Enterprise Cloud in Minutes

Witty Worm

Definition - What does Witty Worm mean?

Witty Worm is a type of computer malware that attacks security systems created by Internet Security Systems (ISS) (now known as IBM ISS). The Witty Worm bypasses firewalls by sending itself to random IP addresses with random destination ports. Witty Worm has a destructive payload that erases data and creates potentially high levels of destruction. The Worm is less than 700 bytes in length.

The Witty Worm is a milestone in malware history because it represented the first malware instance known for targeting a particular set of security products. The Witty Worm is also the first worm known for destroying its hosts.

Techopedia explains Witty Worm

In 2004, the Witty Worm emerged as a well-written and destructive virus that infected and damaged 12,000 systems within a span of only 45 minutes. The Witty Worm was released from a bot network of 100 infected machines - a previously unknown methodology.

The Witty Worm infected computers running the following products:

  • BlackICE Agent for Server 3.6 ebz, ecd, ece, ecf
  • BlackICE PC Protection 3.6 cbz, ccd, ccf
  • BlackICE Server Protection 3.6 cbz, ccd, ccf
  • RealSecure Network 7.0, XPU 22.4 and 22.10
  • RealSecure Server Sensor 7.0 XPU 22.4 and 22.10
  • RealSecure Desktop 7.0 ebf, ebj, ebk, ebl
  • RealSecure Desktop 3.6 ebz, ecd, ece, ecf
  • RealSecure Guard 3.6 ebz, ecd, ece, ecf
  • RealSecure Sentry 3.6 ebz, ecd, ece, ecf

The Worm masquerades as a valid ICQ packet and uses User Datagram Protocol (UDP) port 4000 to send itself to multiple IP addresses. As soon as the Witty Worm infects a system by taking advantage of ISS software vulnerabilities, it tries to infect other systems in the same manner. Thus, rebooting infected systems is not recommended, and these systems should be removed from a network to prevent propagation.

The Witty Worm can be removed by downloading ISS security patches. Because the Worm attacks computer memory, a data recovery system to restore full functionality is required.

Techopedia Deals

Connect with us

Techopedia on Linkedin
Techopedia on Linkedin
Tweat cdn.techopedia.com
"Techopedia" on Twitter


'@Techopedia'
Sign up for Techopedia's Free Newsletter!

Email Newsletter

Join thousands of others with our weekly newsletter

Resources
The 4th Era of IT Infrastructure: Superconverged Systems
The 4th Era of IT Infrastructure: Superconverged Systems:
Learn the benefits and limitations of the 3 generations of IT infrastructure – siloed, converged and hyperconverged – and discover how the 4th...
Approaches and Benefits of Network Virtualization
Approaches and Benefits of Network Virtualization:
Businesses today aspire to achieve a software-defined datacenter (SDDC) to enhance business agility and reduce operational complexity. However, the...
Free E-Book: Public Cloud Guide
Free E-Book: Public Cloud Guide:
This white paper is for leaders of Operations, Engineering, or Infrastructure teams who are creating or executing an IT roadmap.
Free Tool: Virtual Health Monitor
Free Tool: Virtual Health Monitor:
Virtual Health Monitor is a free virtualization monitoring and reporting tool for VMware, Hyper-V, RHEV, and XenServer environments.
Free 30 Day Trial – Turbonomic
Free 30 Day Trial – Turbonomic:
Turbonomic delivers an autonomic platform where virtual and cloud environments self-manage in real-time to assure application performance.