According to F-Secure, if you aren't running BlackIce then you are fine.

http://www.f-secure.com/v-descs/witty.shtml

 - Peter Cole


Wheeler, Bill writes:

> Pardon the possibly silly question, but am I correct that 'Witty' only affects computers running BlackIce?
> Bill Wheeler
> Systems Programmer and Administrator
> Michigan State University Libraries
> E-mail: [log in to unmask]  Phone: (517)432-6123 x 234
>
> -----Original Message-----
> From: Rich Wiggins [mailto:[log in to unmask]]
> Sent: Monday, 22 March, 2004 10:52 AM
> To: [log in to unmask]
> Subject: [MSUNAG] Update on Black Ice / Witty infections
>
>
> It appears that Witty is quite good at trying to infect, but not
> very good at actually infecting targeted computers. Doug Nelson
> identified about 20 computers at MSU that show signs of infection.
> Doug estimates that those computers probably hit every IP at MSU
> at least once.
>
> Help desk staff are contacting the owners.  (Those users who
> do find their computers infected may find that they are not
> bootable, since Witty trashes some sectors on the hard drive.)
>
> Witty traffic originates from a source port of UDP 9000.  Such
> traffic coming into MSU on that port is now being blocked.
> This may affect some ICQ users.
>
> Nonetheless, anyone running Black Ice who has not upgraded
> should unplug their network connection or turn off their computer
> until they are ready to upgrade.
>
> /rich
>
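
The quoted update gives two network-level signs of Witty: UDP traffic with source port 9000, and infected machines contacting very large numbers of addresses. The sketch below is an added example, not part of the original thread, that finds such hosts in flow records while leaving a single-peer user of the same port (the ICQ case the update mentions) unflagged. The CSV layout, the field names, the threshold and the sample records are assumptions made for illustration.

```python
import csv
import io
from collections import defaultdict

WITTY_SRC_PORT = 9000   # source port given in the quoted update
FANOUT_THRESHOLD = 5    # assumed cut-off; tune for the network being monitored


def build_sample():
    """Constructed flow records (documentation address ranges, not real data)."""
    rows = ["proto,src_ip,src_port,dst_ip,dst_port"]
    # Scanner-like host: UDP source port 9000 to eight different addresses.
    rows += [f"udp,192.0.2.10,9000,198.51.100.{i},{20000 + i}" for i in range(1, 9)]
    # Chat-like host: same source port, but only one peer.
    rows += ["udp,192.0.2.20,9000,203.0.113.5,4000"] * 6
    # Traffic that must be ignored: TCP, another source port, a malformed row.
    rows += [f"tcp,192.0.2.30,9000,198.51.100.{i},80" for i in range(1, 9)]
    rows += ["udp,192.0.2.40,53,198.51.100.1,33000",
             "udp,192.0.2.50,bad,198.51.100.2,1"]
    return "\n".join(rows)


def suspected_hosts(flow_csv, threshold=FANOUT_THRESHOLD):
    """Map each source IP that sent UDP from port 9000 to at least
    `threshold` distinct destinations to its distinct-destination count."""
    dests = defaultdict(set)
    for row in csv.DictReader(io.StringIO(flow_csv)):
        if row["proto"].lower() != "udp":
            continue
        try:
            sport = int(row["src_port"])
        except ValueError:
            continue  # skip malformed records rather than abort the scan
        if sport == WITTY_SRC_PORT:
            dests[row["src_ip"]].add(row["dst_ip"])
    return {ip: len(d) for ip, d in dests.items() if len(d) >= threshold}


if __name__ == "__main__":
    for ip, count in sorted(suspected_hosts(build_sample()).items()):
        print(f"{ip}: UDP/9000 source traffic to {count} distinct destinations")
```

Counting distinct destinations rather than packets is what separates the scanning host from the one-peer host here; a host list produced this way is a starting point for contacting owners, not proof of infection.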