Wednesday, June 09, 2004

Schneier: Witty worm was pretty bad

The Witty worm: A new chapter in malware - Computerworld
Witty was the first worm to target a particular set of security products -- in this case Internet Security System's BlackICE and RealSecure. It infected and destroyed only computers that had particular versions of this software running.

A few things we learned from this worm:

Witty was wildly successful. Twelve thousand machines was the entire vulnerable and exposed population, and Witty infected them all -- worldwide -- in 45 minutes. It's the first worm that quickly corrupted a small population. Previous worms targeting small populations such as Scalper and Slapper were glacially slow.

Close all your firewall ports. Don't buy firewalls from companies that have let backdoors be inserted (NetGear, Linksys, others?). Use a Mac.

No comments: