The Spread of the Witty Worm

Published 10 May 04 12:05 PM

Thanks to Joel Scambray (coauthor of the Hacking Exposed series of books) for bringing this to my attention.

Not many people paid much attention to this worm, because it affected a non-Microsoft product, but the analysis is interesting nevertheless. What was really worrying (to me, anyway) is the one day (yes, ONE DAY!) time delta from the vulnerability being publicly known (when ISS issued their patch, and eEye (http://www.eeye.com/html/Research/Advisories/AD20040318.html) issued their disclosure) to the worm's arrival. It was also the first real destructive worm.

CAIDA has a very nice write up on the worm.

by michael_HOWARD
Filed under:

Comments

# Dennis Forbes said on May 11, 2004 8:16 AM:
"...because it affected a non-Microsoft product..."

I think a fairer statement is "because its maximum impact was 12,000, often `low-value' hosts" (who runs add-in software firewalls on high value machines?). Microsoft does get unfairly critical attention at times, but in this case I think your analysis was flawed.
# Michael Howard said on May 11, 2004 11:06 AM:
The fact that it affected "only" 12,000 hosts is interesting - and it is noted in the paper - it doesn't take millions of machines to support a worm.
New Comments to this post are disabled
Page view tracker