Pardon the possibly silly question, but am I correct that 'Witty' only affects computers running BlackIce? Bill Wheeler Systems Programmer and Administrator Michigan State University Libraries E-mail: [log in to unmask] Phone: (517)432-6123 x 234 -----Original Message----- From: Rich Wiggins [mailto:[log in to unmask]] Sent: Monday, 22 March, 2004 10:52 AM To: [log in to unmask] Subject: [MSUNAG] Update on Black Ice / Witty infections It appears that Witty is quite good at trying to infect, but not very good at actually infecting targeted computers. Doug Nelson identified about 20 computers at MSU that show signs of infection. Doug estimates that those computers probably hit every IP at MSU at least once. Help desk staff are contacting the owners. (Those users who do find their computers infected may find that they are not bootable, since Witty trashes some sectors on the hard drive.) Witty traffic originates from a source port of UDP 9000. Such traffic coming into MSU on that port is now being blocked. This may affect some ICQ users. Nonetheless, anyone running Black Ice who has not upgraded should unplug their network connection or turn off their computer until they are ready to upgrade. /rich