[WEBINAR] The New Normal: Dealing with the Reality of an Unsecure World

Witty Worm

Definition - What does Witty Worm mean?

Witty Worm is a type of computer malware that attacks security systems created by Internet Security Systems (ISS) (now known as IBM ISS). The Witty Worm bypasses firewalls by sending itself to random IP addresses with random destination ports. Witty Worm has a destructive payload that erases data and creates potentially high levels of destruction. The Worm is less than 700 bytes in length.

The Witty Worm is a milestone in malware history because it represented the first malware instance known for targeting a particular set of security products. The Witty Worm is also the first worm known for destroying its hosts.

Techopedia explains Witty Worm

In 2004, the Witty Worm emerged as a well-written and destructive virus that infected and damaged 12,000 systems within a span of only 45 minutes. The Witty Worm was released from a bot network of 100 infected machines - a previously unknown methodology.

The Witty Worm infected computers running the following products:

  • BlackICE Agent for Server 3.6 ebz, ecd, ece, ecf
  • BlackICE PC Protection 3.6 cbz, ccd, ccf
  • BlackICE Server Protection 3.6 cbz, ccd, ccf
  • RealSecure Network 7.0, XPU 22.4 and 22.10
  • RealSecure Server Sensor 7.0 XPU 22.4 and 22.10
  • RealSecure Desktop 7.0 ebf, ebj, ebk, ebl
  • RealSecure Desktop 3.6 ebz, ecd, ece, ecf
  • RealSecure Guard 3.6 ebz, ecd, ece, ecf
  • RealSecure Sentry 3.6 ebz, ecd, ece, ecf

The Worm masquerades as a valid ICQ packet and uses User Datagram Protocol (UDP) port 4000 to send itself to multiple IP addresses. As soon as the Witty Worm infects a system by taking advantage of ISS software vulnerabilities, it tries to infect other systems in the same manner. Thus, rebooting infected systems is not recommended, and these systems should be removed from a network to prevent propagation.

The Witty Worm can be removed by downloading ISS security patches. Because the Worm attacks computer memory, a data recovery system to restore full functionality is required.

Techopedia Deals

Connect with us

Techopedia on Linkedin
Techopedia on Linkedin
"Techopedia" on Twitter

Sign up for Techopedia's Free Newsletter!

Email Newsletter

Join thousands of others with our weekly newsletter

Free Whitepaper: The Path to Hybrid Cloud
Free Whitepaper: The Path to Hybrid Cloud:
The Path to Hybrid Cloud: Intelligent Bursting To Amazon Web Services & Microsoft Azure
Free E-Book: Public Cloud Guide
Free E-Book: Public Cloud Guide:
This white paper is for leaders of Operations, Engineering, or Infrastructure teams who are creating or executing an IT roadmap.
Free Tool: Virtual Health Monitor
Free Tool: Virtual Health Monitor:
Virtual Health Monitor is a free virtualization monitoring and reporting tool for VMware, Hyper-V, RHEV, and XenServer environments.
Free 30 Day Trial – Turbonomic
Free 30 Day Trial – Turbonomic:
Turbonomic delivers an autonomic platform where virtual and cloud environments self-manage in real-time to assure application performance.