MSUNAG Archives

MSUNAG Archives


View:

Next Message | Previous Message
Next in Topic | Previous in Topic
Next by Same Author | Previous by Same Author
Chronologically | Most Recent First
Proportional Font | Monospaced Font

Options:

Join or Leave MSUNAG
Reply | Post New Message
Search Archives


Subject: Black Ice flaw exploited by destructive Witty worm
From: Rich Wiggins <[log in to unmask]>
Reply-To:Rich Wiggins <[log in to unmask]>
Date:Sun, 21 Mar 2004 13:39:33 EST
Content-Type:text/plain
Parts/Attachments:
Parts/Attachments

text/plain (33 lines) 


There is a new worm that exploits a flaw in Black Ice.  The worm
destroys data on infected computers.  Symantec calls the worm Witty.
The worm attacks via UDP.  There seems to be a little confusion
among the reports as to what ports are used.  The vendor, ISS, says
the source port is 4000 and the destination port is random.
It is memory resident and most antivirus products won't catch it.

Here's Symantec's report:

http://www.sarc.com/avcenter/venc/data/w32.witty.worm.html

The vendor, has released a software update.  The vendor says "The worm
is very serious in nature, with potential destructive properties."
A detailed ISS alert is at:

http://xforce.iss.net/xforce/alerts/id/167

Also, if you go to this page:

http://blackice.iss.net/contact_us.php

Click on Knowedgebase and you'll see recent articles about the
exploit and the Witty worm.

Some reports suggest unplugging the network connection for any
computer that runs Black Ice until it can be ugpraded.  Anyone
running Black Ice on Windows desktops or servers will want to take
action.

We've posted a Bulletin at help.msu.edu/status which we'll update
as we learn more.

/rich

Back to: Top of Message | Previous Page | Main MSUNAG Page

Permalink


LIST.MSU.EDU

CataList Email List Search Powered by the LISTSERV Email List Manager