OT: New dangerous worm

  • From: "Kenny Mann" <Kennymann@xxxxxxxxxxx>
  • To: <isalist@xxxxxxxxxxxxx>
  • Date: Sat, 20 Mar 2004 19:35:24 -0600

http://xforce.iss.net/xforce/alerts/id/167
 
For those that run BlackIce and/or RealSecure....
Quoted from the page:

Synopsis:
ISS X-Force has learned of a worm that is spreading via the ICQ parsing
vulnerability in ISS products that was announced on March 18th. The worm
targets unpatched versions of the BlackICE PC Protection product. If a
vulnerable system is infected, the Witty worm attempts to propagate by
scanning random IP addresses. The Witty worm progressively writes junk
data to physical hard drives after transmitting 20,000 packets, causing
data damage.

Impact:
The Witty worm uses hard-coded addresses and only has the ability to
infect certain builds of the Protocol Analysis Module (PAM). The Witty
worm is destructive to the target system, and overwrites key hard disk
sectors after sending out its payload. The junk data written to disk
may impact system stability and cause a "blue screen" to occur upon reboot.
The Witty worm only infects specific builds of PAM listed below, and can
only infect Win32 systems.

Affected Versions:
BlackICE Agent for Server 3.6 ebz, ecd, ece, ecf
BlackICE PC Protection 3.6 cbz, ccd, ccf
BlackICE Server Protection 3.6 cbz, ccd, ccf
RealSecure Network 7.0, XPU 22.4 and 22.10
RealSecure Server Sensor 7.0 XPU 22.4 and 22.10
RealSecure Desktop 7.0 ebf, ebj, ebk, ebl
RealSecure Desktop 3.6 ebz, ecd, ece, ecf
RealSecure Guard 3.6 ebz, ecd, ece, ecf
RealSecure Sentry 3.6 ebz, ecd, ece, ecf

Note: No Proventia products are affected by the Witty worm. The newest
updates for all products are not vulnerable to exploitation.
