[34189] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Any dissasemblies of the Witty worm yet?

daemon@ATHENA.MIT.EDU (Nicholas Weaver)
Sat Mar 20 12:53:22 2004

Date: Sat, 20 Mar 2004 07:51:15 -0800
From: Nicholas Weaver <nweaver@CS.berkeley.edu>
To: bugtraq@securityfocus.com
Message-ID: <20040320075115.A14996@ring.CS.Berkeley.EDU>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline


	Has anyone done a dissassembly of the "Witty" worm yet?  

http://isc.incidents.org/diary.html?date=2004-03-20
http://securityresponse.symantec.com/avcenter/venc/data/w32.witty.worm.html

	using the 
http://seclists.org/lists/bugtraq/2004/Mar/0181.html
	recent bug in BlackICE/RealSecure?

	We are seeing a lot of activity from this worm, although even
a small infection would generate a LOT of traffic (a side-effect of
bandwidth-limited worms, such as single-packet UDP worms).

	Thanks.

-- 
Nicholas C. Weaver                                 nweaver@cs.berkeley.edu


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[34189] in bugtraq

Any dissasemblies of the Witty worm yet?

daemon@ATHENA.MIT.EDU (Nicholas Weaver)Sat Mar 20 12:53:22 2004

daemon@ATHENA.MIT.EDU (Nicholas Weaver)
Sat Mar 20 12:53:22 2004