The spread of the Witty worm
Top Cited Papers
- 4 October 2004
- journal article
- Published by Institute of Electrical and Electronics Engineers (IEEE) in IEEE Security & Privacy
- Vol. 2 (4) , 46-50
- https://doi.org/10.1109/msp.2004.59
Abstract
On Friday, 19 March 2004, at approximately 8:45 p.m. Pacific Standard Time (PST), an Internet worm began to spread, targeting a buffer overflow vulnerability in several Internet Security Systems (ISS) products, including its RealSecure Network, RealSecure Server Sensor, RealSecure Desktop, and BlackICE. The worm took advantage of a security flaw in these firewall applications that eEye Digital Security discovered earlier in March. Once the Witty worm - so called because its payload contained the phrase, "(^,^)insert witty message here (^,^)" - infects a computer, it deletes a randomly chosen section of the hard drive, which, over time, renders the machine unusable. We share a global view of the worm's spread, with particular attention to its features.Keywords
This publication has 2 references indexed in Scilit:
- Internet quarantine: requirements for containing self-propagating codePublished by Institute of Electrical and Electronics Engineers (IEEE) ,2004
- Inside the Slammer wormIEEE Security & Privacy, 2003