Menu
Home
People
Places
Arts
History
Plants & Animals
Science
Life & Culture
Technology
Reference.org
Witty (computer worm)
open-in-new
<h2 id="propagation">Propagation</h2> <p>On March 19, 2004, the 'Witty' worm began infecting hosts connected to the <a href="/facts/Internet/Xw1rVvJU">Internet</a> (and running the vulnerable ISS software) without any seed population.<a class="footnote-ref" id="fnref:1" href="#fn:1"><sup>1</sup></a> Within a half-hour it infected 12,000 computers and was generating 90 Gbit/s (<a href="/facts/Gigabit/X71SBDuf">gigabits</a> per second) of <a href="/facts/User_Datagram_Protocol/dxLU0D6q">UDP</a> traffic. </p> <h2 id="effect-of-worm">Effect of worm</h2> <p>Once Witty infects a computer by exploiting a vulnerability in the ISS software packages (RealSecure Network, RealSecure Server Sensor, RealSecure Desktop, and BlackICE), it attempts to infect other computers using the same vulnerability. </p><p>Witty launches these attacks as fast as possible, attacking a pseudo-random subset of <a href="/facts/IP_address/z9V22Sw9">IP addresses</a> as quickly as allowed by the computer's Internet connection. It repeats these attacks in groups of 20,000, alternately launching attacks and overwriting sections of the computer's <a href="/facts/Hard_disk/kekLSGSE">hard disk(s)</a>. </p> <ul><li>Shannon, Colleen and David Moore (2004). <a href="http://www.caida.org/analysis/security/witty/">"The Spread of the Witty Worm"</a>. (Last updated June 21, 2005; Retrieved November 14, 2005.)</li> <li>Abhishek Kumar, Vern Paxson and Nicholas Weaver (2005). <a href="https://web.archive.org/web/20050618001819/http://www.cc.gatech.edu/~akumar/witty.html">"Outwitting the Witty worm"</a>. (Last updated May 24, 2005; Retrieved February 2, 2006.)</li></ul> <h2 id="external-links">External links</h2> <ul><li><a href="https://web.archive.org/web/20040321163910/http://www.eeye.com/html/Research/Advisories/AD20040318.html">ISS vulnerability announcement (from Internet Archive)</a></li> <li><a href="https://www.caida.org/research/security/witty/">Analysis of the worm propagation by CAIDA</a> (Cooperative Association for Internet Data Analysis)</li> <li><a href="https://slashdot.org/articles/04/03/21/0023254.shtml">Slashdot article</a></li></ul> <h2 id="references">References</h2> <ol> <li id="fn:1"><p>Errata Security Author Article <a href="http://blog.erratasec.com/2014/03/witty-worm-no-seed-population-involved.html" target="_blank">http://blog.erratasec.com/2014/03/witty-worm-no-seed-population-involved.html</a> <a href="#fnref:1" class="footnote-back-ref">↩</a></p></li> </ol>