Fastest turnaround ever from 'flaw to infection'?
By Robert Lemos
Published: 23 March 2004 08:30 GMT
A worm exploiting holes in one company's internet security software quickly compromised tens of thousands of servers this past weekend, before crashing the infected computers.
The worm, dubbed Witty, exploits a flaw found last Wednesday in software and devices created by network protection firm Internet Security Systems. Using a manner of infection similar to the fast-spreading Slammer worm, the Witty program compromised more than 20,000 machines in less than an hour. The worm also overwrote data on the infected computer, quickly crashing systems, said Johannes Ullrich, chief technology officer for the Internet Storm Center.
"Because it crashes the machines eventually, it died off really fast," Ullrich said. He estimated almost 30,000 computers had been infected by the worm, and most of them had crashed because of file corruption within 30 minutes of being infected.
The worm breached systems through a security hole in ISS's firewall products, such as its BlackICE and RealSecure software. While the flaw affects the company's Proventia network devices, the manner in which the worm is constructed prevents it from infecting the devices.
ISS estimated that the worm could only affect about two per cent of its customer base. Subscribers to the company's maintenance service had already received the update a week prior to the release of the worm, ISS stated on its website.
Dan Ingevaldson, director of ISS's vulnerability research and development group, said: "We have been doing our own research and we came up with 12,000 internet addresses [that seem to be infected] at last check. It is impossible to know how widespread it is. Whenever you count IP addresses you may be double counting or triple counting machines."
An unknown author created the worm about two days after news of the flaw became public, in what may be the fastest turnaround of malicious code writing to date. Like Slammer, the Witty worm spread through single packets of data sent on the Internet using a protocol known as the user datagram protocol, or UDP.
Robert Lemos writes for News.com
Strong embedded C development skills are essential, ideally in a real-time environment with 3GPP comms protocol stack experience. Keywords: embedded ...
FIX Support Analyst with strong client facing skills required for a leading boutique financial software organisation. Based in the City of London, ...
Test Analyst - FIX Protocol - Banking - London 320/DayRequired by a leading financial company based in London, the Functional Test Analyst will ...
Agenda Setters 2009
Welcome to the ninth annual Agenda Setters poll – silicon.com's list of the top 50 most influential individuals in the technology and IT industries, from techies and CIOs to entrepreneurs and business leaders. Find out more in our latest special report.
Stories from the web...
Copyright © 2008 CBS Interactive Limited. All rights reserved. Top of page
Digg
Slashdot
Del.icio.us
Stumble
Reddit
RSS Feeds
Nick Heath Your top HR tech priorities for next year revealed How to make human resources IT work for you
Bob Tarzey Why you must rein in your power users When they do damage, it can be catastrophic to your business