Analysis of the Witty Worm

DavidMoore writes "The Cooperative Association for Internet Data Analysis (CAIDA) and the University of California, San Diego Computer Science Department have an analysis of the recent Witty worm. Among other things, Witty was started in an organized manner with an order of magnitude more ground-zero hosts than any previous Internet worm."

We can catch the worm's author

I'm posting anonymously for obvious reasons.

I'm a Teaching Fellow (TF) in the Harvard Law School, and I believe that the hackers behind the witty worm can be caught and brought to justice.

1. There are laws against hacking: The Patriot Act and other laws generated by the Deparment of Homeland Security are examples. This worm has intentionally terrorized computer networks across the world, and we can prosecute these bastards.
2. There are 100 ground-zero IP addresses recorded in the telescope: these ground-zero hosts are likely to be useful for forensics, and search warrants should be issued for their recovery. Without too much trouble, we could probably find a username in /etc/passwd from one of the hackers.

With a bit of work, I believe that the hackers can be brought to justice. The question is, what happens next week when the next bored teenager releases the next worm?

Re:Save yourself some reading

[Minna+Kirai]

That's a bug in ZoneAlarm.

Zonealarm is a Windows program. And because of that bug, the worm is able to infect: Windows systems.

Therefore it's a Windows worm. Whose fault allowed it to spread is irrelevant to the fact of which platform winds up hosting the infection. Most Windows worms have been the fault of Microsoft, but that doesn't always have to be the case (and usually the vulnerable code was not the OS itself, but free applications shipped with it)

Whenever Outlook spreads a worm, that's a Windows infection. If it ever happened that Gnome Evolution spread something, it'd probably be a Linux worm.