[17316] in cryptography@c2.net mail archive
analysis of the Witty worm
daemon@ATHENA.MIT.EDU (Steven M. Bellovin)
Thu Jun 2 12:26:57 2005
X-Original-To: cryptography@metzdowd.com
From: "Steven M. Bellovin" <smb@cs.columbia.edu>
To: cryptography@metzdowd.com
Date: Wed, 01 Jun 2005 21:05:28 -0400

Readers of this list may be interested in an analysis of the Witty
worm's spread by Kumar, Paxson, and Weaver. An article summarizing
the paper is at http://www.zdnet.co.uk/print/?TYPE=story&AT=39200183-39020375t-10000025c

A tentative conclusion is that the worm was probably written by an
insider at ISS....

The paper itself (there's a link in the article) has several more items
of interest to this list. Especially interesting is the effective
cryptanalysis of the PRNG used by the worm. Implicit in many of the
analyses, though not a focus of the paper, is the amount of information
that the authors could gather about network configurations at different
sites: as we all know, traffic analysis is a powerful technique.

--Steven M. Bellovin, http://www.cs.columbia.edu/~smb