According to the bandwidth graphs I'm seeing, there are going to be quite a few systems that need to be cleaned up.

-Russell

Rich Wiggins wrote:
> There is a new worm that exploits a flaw in Black Ice. The worm
> destroys data on infected computers. Symantec calls the worm Witty.
> The worm attacks via UDP. There seems to be a little confusion
> among the reports as to what ports are used. The vendor, ISS, says
> the source port is 4000 and the destination port is random.
> It is memory resident and most antivirus products won't catch it.
>
> Here's Symantec's report:
>
> http://www.sarc.com/avcenter/venc/data/w32.witty.worm.html
>
> The vendor has released a software update. The vendor says "The worm
> is very serious in nature, with potential destructive properties."
> A detailed ISS alert is at:
>
> http://xforce.iss.net/xforce/alerts/id/167
>
> Also, if you go to this page:
>
> http://blackice.iss.net/contact_us.php
>
> Click on Knowledgebase and you'll see recent articles about the
> exploit and the Witty worm.
>
> Some reports suggest unplugging the network connection for any
> computer that runs Black Ice until it can be upgraded. Anyone
> running Black Ice on Windows desktops or servers will want to take
> action.
>
> We've posted a Bulletin at help.msu.edu/status which we'll update
> as we learn more.
>
> /rich
>