DV Hardware bringing you the hottest news about processors, graphics cards, Intel, AMD, NVIDIA, hardware and technology!

   Home | News submit | News Archives | Reviews | Articles | Howto's | Advertise
DarkVision Hardware - Daily tech news
October 25, 2016 
Main Menu
News archives

Who's Online
There are currently 79 people online.


Latest Reviews
Zowie P-TF Rough mousepad
Zowie FK mouse
BitFenix Ronin case
Ozone Rage ST headset
Lamptron FC-10 SE fan controller
ZOWIE G-TF Rough mousepad
ROCCAT Isku FX gaming keyboard
Prolimatech Magnetic Pin

Follow us

Exploit in ISS's BlackICE firewall feeds fast-spreading worm Witty

Posted on Tuesday, March 23 2004 @ 00:14:34 CET by

Since Saturday Witty, a fast-spreading worm, has infected between 10,000 and 50,000 computer systems by exploiting a vulnerability in ISS's BlackICE firewall. The worm Witty exploits a stack overflow vulnerability within BlackICE that was disclosed only two days before the worm first appeared.
Unlike most other worms, Witty doesn't need human interaction to spread. Rather than rely on users to open a file attachment--the typical way worms propagate--Witty simply scans for vulnerable systems, then uses UDP port 4000 to infect the machine. This auto-spread strategy was last used to wreak havoc by 2003's MSBlast worm.

Witty is particularly dangerous, said experts, because after it executes, it opens a random drive on the PC and writes 65KB of data to a random location on the disk. It repeats that process until the system is rebooted or the computer crashes.

"This worm is highly malicious, slowly destroying the systems it infects," said security firm Lurhq, in an alert posted on its Web site. "Rather than simply executing a 'format C:' or similar destructive command, the worm slowly corrupts the file system while it continues to spread. Any infected machine will likely have its operating system and partition data destroyed along with most files on the physical drives, depending on how long the worm runs on the machine."

Internet Security Systems said its analysis indicated that only about two percent of its customers could be open to Witty's attack, but other analysts have tagged the number of infected machines at significant levels.

"It's unlikely that many computers will be patched against this vulnerability at this time," said Ken Dunham, the director of malicious code research at iDefense, in an e-mailed statement. "Early data suggests about 10,000 infected computers worldwide." Others have put forward the number of 50,000 infected machines.

Experts such as Dunham urged ISS customers to disable the firewall until it has been patched, and, where feasible, block traffic on UDP port 4000. ISS recommended that infected systems be disconnected from the network to stop the worm's spread.
So if you are using BlackICE please update your firewall as soon as possible at ISS's website

Source: InformationWeek



DV Hardware - Privacy statement
All logos and trademarks are property of their respective owner.
The comments are property of their posters, all the rest © 2002-2016 DM Media Group bvba