Witty Worm

Why Trust Techopedia

What Does Witty Worm Mean?

Witty Worm is a type of computer malware that attacks security systems created by Internet Security Systems (ISS) (now known as IBM ISS). The Witty Worm bypasses firewalls by sending itself to random IP addresses with random destination ports. Witty Worm has a destructive payload that erases data and creates potentially high levels of destruction. The Worm is less than 700 bytes in length.


The Witty Worm is a milestone in malware history because it represented the first malware instance known for targeting a particular set of security products. The Witty Worm is also the first worm known for destroying its hosts.

Techopedia Explains Witty Worm

In 2004, the Witty Worm emerged as a well-written and destructive virus that infected and damaged 12,000 systems within a span of only 45 minutes. The Witty Worm was released from a bot network of 100 infected machines – a previously unknown methodology.

The Witty Worm infected computers running the following products:

  • BlackICE Agent for Server 3.6 ebz, ecd, ece, ecf
  • BlackICE PC Protection 3.6 cbz, ccd, ccf
  • BlackICE Server Protection 3.6 cbz, ccd, ccf
  • RealSecure Network 7.0, XPU 22.4 and 22.10
  • RealSecure Server Sensor 7.0 XPU 22.4 and 22.10
  • RealSecure Desktop 7.0 ebf, ebj, ebk, ebl
  • RealSecure Desktop 3.6 ebz, ecd, ece, ecf
  • RealSecure Guard 3.6 ebz, ecd, ece, ecf
  • RealSecure Sentry 3.6 ebz, ecd, ece, ecf

The Worm masquerades as a valid ICQ packet and uses User Datagram Protocol (UDP) port 4000 to send itself to multiple IP addresses. As soon as the Witty Worm infects a system by taking advantage of ISS software vulnerabilities, it tries to infect other systems in the same manner. Thus, rebooting infected systems is not recommended, and these systems should be removed from a network to prevent propagation.

The Witty Worm can be removed by downloading ISS security patches. Because the Worm attacks computer memory, a data recovery system to restore full functionality is required.


Related Terms

Margaret Rouse
Senior Editor
Margaret Rouse
Senior Editor

Margaret is an award-winning technical writer and teacher known for her ability to explain complex technical subjects to a non-technical business audience. Over the past twenty years, her IT definitions have been published by Que in an encyclopedia of technology terms and cited in articles by the New York Times, Time Magazine, USA Today, ZDNet, PC Magazine, and Discovery Magazine. She joined Techopedia in 2011. Margaret's idea of a fun day is helping IT and business professionals learn to speak each other’s highly specialized languages.