'Witty' worm exploits hole in BlackIce security product
ISS estimated that the worm infected about 12,000 IP addresses
IDG News Service - A new worm that exploited a hole in some of Internet Security Systems Inc.'s intrusion-protection products seems to be dying down after affecting thousands of IP addresses since Saturday.
The Witty worm, which has affected some versions of ISS's BlackIce and RealSecure intrusion-protection products, is "highly malicious" because it slowly destroys the systems it infects, according to an alert from Lurhq Corp., a managed security provider. "Rather than simply executing a 'format C:' or similar destructive command, the worm slowly corrupts the filesystem while it continues to spread," Lurhq's alert said.
The spread of the worm appeared to be slowing today, said Joe Stewart, senior security researcher at Myrtle Beach, Calif.-based Lurhq. "It was only a big deal for the people who had the ISS products' specific versions," he said. "It was not a threat for Windows users in general."
Atlanta-based ISS estimated that the worm infected about 12,000 IP addresses, although the exact number is difficult to determine, said Dan Ingevaldson, director of X-Force research and development at ISS. Early reports had the worm infecting up to 50,000 IP addresses, but Ingevaldson said the company's scans didn't find evidence of the worm being that widespread.
"We saw a spike in the first days of the infection, and it's been going down since then," he said.
The worm, which exploited an ICQ parsing vulnerability, affected non-updated versions of the BlackIce and RealSecure products. A complete list of affected versions is available at ISS's alert site online. An ISS update that fixes the vulnerability has been available since March 9.
In addition to the maliciousness of the worm, its timing is also significant, Stewart said. A vulnerability alert for the ISS products was released on March 18, and the worm began spreading March 20. The writer of the worm either knew of the vulnerability before the announcement or wrote and tested the worm in less than two days, he said.
"Usually, you have a week or two after the vulnerability was announced," Stewart said. "This was a substantial piece of work to be done in one day."
ISS counts about 1.6 million corporate installations of the BlackIce PC intrusion-detection software, and that number doesn't include home installations. The worm illustrates the importance of running updated intrusion-detection and firewall software, Ingevaldson added.
"Our customers know you have to apply the most recent updates," he said. "They know that for it to work, they need to have the most recent updates, and they would not be affected at all if they did."
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The Threat Landscape Hardly a day goes by without the discovery of a new cyberthreat somewhere in the world! But how do you keep up with...
- Security for Virtualization In the rush to implement virtualization, security has become second. So while the business benefits are clear, the risks are less well documented...
- Gartner 2013 Magic Quadrant for Enterprise Backup/Recovery Software See why CommVault was positioned as the #1 leader in Gartner's 2013 Magic Quadrant for Enterprise Backup/Recovery software for the 3rd year in...
- Forrester Report: CommVault is a Leader in Enterprise Backup and Recovery In this report, Forrester takes a deep dive into the evaluation criteria, how CommVault is positioned and the features and functionality that make...
- Four Myths of High-Productivity App Dev Debunked Debunk the main myths surrounding high-productivity application development and how both platforms have overcome them.
On-Demand Webcast: 7 Reasons to Choose VoIP
Thinking about a new phone system for your business?
Be sure to watch this informative webcast. Steve Strauss, small business columnist for USA...
All Malware and Vulnerabilities White Papers |