New worm outwits computer security firm

The worm, dubbed witty.A, was designed to breach a security hole in the company's widely used firewall product line-ups such as its BlackICE and RealSecure software series.

Reports from Internet monitoring firms suggest the worm is similar to blaster which appeared last August and left a multi-million dollar damage trail for companies to clean up.

Security experts say the worm could cause system crashes as it tampers with local hard drives.

ISS posted an update to patch the hole on its Website late late last week but gave no indication of how long they'd known about the weakness. Witty had infected an estimated 10,000 computers by early Saturday, EDT, and recent reports suggest that number may have increased to around 50,000 in the last 24 to 48 hours.

Unlike recent viruses that have relied on e-mail to spread, witty requires no human intervention in order to propagate.

Like blaster, witty spreads autonomously using its host PC as staging point to snoop around for other vulnerable PCs. However, witty was designed to target a flaw in software used in ISS software products to examine ICQ traffic. Once it has infected a new machine it runs alongside ISS software and continues the infection cycle.

Security experts are advising ISS firewall customers to patch their software immediately or use it to block UDP port 4000 to close the door on the worm.

The worm picked up its name from what appears to be a signature marking left in it source code by the programmer.

• Related stories

• Alerts

Add your opinion

We see this time and time agai ...Anonymous -- 22/03/04

We see this time and time again where companies are all too reliant on software / hardware as a fix all solution. A common phrase "We've got a firewall so we're safe". Firms such as www.it-security-audit.com have a much better approach, dealing not only with the exterior weaknesses, but making sure the internal security standards are such that should an incident occur, the risks are minimized (The holistic approach). I fear that until companies wake up to the fact that just installing a piece of software won't protect them, we will see increasing incidents of this type. We are no longer in a "script kiddie" world.

• Reply to comment
• Reply to story
• Report offensive content

The sooner software companies ...Anonymous -- 23/03/04

The sooner software companies test their software before selling it to a trusting public, the better.
But with product cycles becomming smaller and smaller (just look at printers) they are doing less and less testing to see if there are any vunerabilities that some low life might try to exploit.
MS's bounty for the makers of Blaster and SOBig fix the problem, not the cause!

• Reply to comment
• Reply to story
• Report offensive content

• Just In

• Most Popular

• Most Discussed

Reader Services

Popular Topics

Essentials