Slashdot Mirror

← Back to Stories (view on slashdot.org)

"Witty" Worm Wrecks Computers

Posted by timothy on from the your-ruse-your-clever-trick dept.

An anonymous reader writes "A new Internet worm wriggled across the entire Internet in the span of a few hours Saturday morning to all computers running several recent versions of firewall software from Internet Security Systems, including BlackICE and RealSecure, according to this story at Washingtonpost.com. The flaw that Witty exploited was discovered Wednesday by eEye Digital Security. The worm overwrites data on the first few sectors of the victim's hard drive, making the machine virtually ubootable and potentially destroying much - if not all - of the victim's data." Update: 03/21 02:18 GMT by T : Reader Jeff Horning points out that eEye actually disovered the worm on the 8th of March, and came up with a fix the next day.

12 of 587 comments (clear)

  1. Back in my day... by Anonymous Coward · · Score: 5, Interesting


    Worms and Viruses caused DATA LOSS!

    It's nice to see a worm that actually damages your disk once again. Perhaps people will begin to see them as more than a nuiscance.

  2. Re:Liability? by wo1verin3 · · Score: 5, Interesting

    I was just thinking about this, can the company be held liable for their software allowing others to basically destroy all data on the computer?

    Then I got to thinking, what about Microsoft whose os's and products who have cost millions and millions of dollars.... while some of them require user interaction, others have effectively shutdown the internet for wide areas for short periods of the time.. remember the sql one? :)

  3. two striking things... by psycho_tinman · · Score: 4, Interesting

    First, the speed at which the exploit was translated from advisory to a malicious worm.. Second, this is one of the few old-school "do as much damage as you can" worms. At least it makes a change from the monotony of the mass mailing attachment exploit variety of viruses..Not a welcome change for the people who got hit by it of course :(

    By the way, in case you get prompted for registration and your principles don't allow you to give out your email address, use Bugme Not to find a login. Click here

  4. how do you lose the data? by Sivaram_Velauthapill · · Score: 4, Interesting

    How would overwriting the first few sectors result in loss of all data? Wouldn't that just overwrite the boot sector only? Can't you still retrieve your data?

    Sivaram Velauthapillai

    --
    Sivaram Velauthapillai
    Seeking the meaning of life... @slashdot of all places ;)
  5. Worthless govt agency by EvilStein · · Score: 5, Interesting

    It's a weekend, why should they care about putting out their timely alerts, eh?

    "Officials at the Department of Homeland Security, which is in charge of the government's cybersecurity efforts, were unavailable for comment."

  6. Re:where are all the virus's that do real damage? by JPriest · · Score: 4, Interesting
    Why is this modded troll, it is a good point. If they wipe the disk clean they force the USER to police their own system, rather than forcing admins to try an police the mess of traffic caused by users that don't give a shit.

    Users are not going to remove all the worms from their PCs, maybe it is a good thing to have a worm that cleans the PC for them every 6 months or so.

    --
    Saying Java is nice because it works on all OS's is like saying that anal sex is nice because it works on all genders.
  7. IT WAS YOU!!! by gbrayut · · Score: 5, Interesting
    from washington post article:
    The Witty worm gets its moniker from a message buried within its code that says: "insert witty message here." That comes just before the code that overwrites the infected hard drives.
  8. Knoppix by amembleton · · Score: 4, Interesting
    The worm overwrites data on the first few sectors of the victim's hard drive, making the machine virtually ubootable and potentially destroying much - if not all - of the victim's data.

    Surelly you could still access the data and copy it onto another Hard disk, burn it to CD or copy it to a USB pen by running Knoppix.

  9. Re:One question, and one answer. by iansmith · · Score: 4, Interesting

    Actually, pretty easy.

    If you could actually turn off unwanted and insecure services you wouldn't NEED a firewall.

    My FreeBSD/Linux based routers serve as firewalls for my Windows boxes. Very easy to turn off everything but ssh.

    In Windows you can't even tell whats running let alone shut it off. There are many ports that get attached to every interface and no way to fix it.

    The first and only firewall most people need is an OS that doesn't open itself up to the world like a cheap two-bit, umm, door. Or something. :-)

  10. Re:where are all the virus's that do real damage? by Mesaeus · · Score: 4, Interesting

    Don't forget there are actually lusers out there who know their windows box is infected but refuse to do something about it because they aren't hindered by the virusses and doing something would cost money/time/energy (take your pick). I've encountered some of these and I wish their computer a slow, painful death.

  11. Re:Stick to hardware routers and firewalls... by SmackCrackandPot · · Score: 4, Interesting

    I cannot begin to imagine the pleasure and joy of having to program/burn/flash/install the latest versions of the Internet Explorer/Outlook Express BIOS ROMS every time a new security update came out. Having my mortal flesh torn apart by hooks would be less painful. Although, having PC's go back to the days of ROM cartridges wouldn't be too bad. Maybe this could happen when 1 Gigabyte ROM's become commoditized.

  12. Re:Recovery Tool by soloport · · Score: 4, Interesting

    Yeah. Knoppix to the rescue! (Again)

    Wow. How is this 'offtopic'?

    Am I the only one who, nearly every week, recovers a client's "valuable data" using Knoppix when something has eaten Windows alive? (And sometimes Windows eats itself alive, unfortunately.)