Tuesday, 23 March 2004

[Tech] BlackICE and RealSecure hit by a worm virus


This is reportedly the first worm virus designed specifically to exploit the weaknesses of a particular firewall, in this case the pairing of BlackICE from Internet Security Systems and RealSecure from IDS Software:
Thousands of users of Internet Security Systems Inc's BlackICE personal firewall and RealSecure IDS software were hit by an automated worm with a destructive payload that hit the internet on Saturday, ISS said yesterday.



The worm is the first of its type that uses a vulnerable firewall as the way in, and the first of its type that destroys data. It also represents the fastest turnaround between a vulnerability being disclosed and a worm being released, ever.



Named "Witty", the worm arrives as a UDP message of between 600 and 1,000 bytes that exploits a vulnerability in BlackICE's protocol analysis module (PAM) ICQ message handler, which was disclosed on March 18.



When it has infected a PC, it generates 20,000 random IP addresses that it tries to infect, then overwrites 64K of the local hard disk with gibberish - destroying whatever data is there - then generates another 20,000 addresses and continues the loop.
Source: Computer Business Review.
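
As an added example (not part of the original post or the quoted article), here is a small detector for the traffic pattern the article describes: one host sending UDP messages of 600 to 1,000 bytes to many distinct addresses in a short time. The flow-record format, the thresholds and the sample data are assumptions constructed for illustration.

```python
from collections import defaultdict

# Size range comes from the quoted article; it is assumed that the "length"
# field of a record is the UDP message size. Thresholds are assumptions.
MIN_LEN, MAX_LEN = 600, 1000
FANOUT_THRESHOLD = 50   # assumed: distinct destinations per window
WINDOW_SECONDS = 10     # assumed: tumbling window length

def parse_flow(line):
    """Parse one record in the constructed format 'epoch proto src dst length'."""
    ts, proto, src, dst, length = line.split()
    return float(ts), proto.lower(), src, dst, int(length)

def find_scanners(lines, threshold=FANOUT_THRESHOLD, window=WINDOW_SECONDS):
    """Return sorted sources that sent in-range UDP messages to at least
    `threshold` distinct destinations inside a single window."""
    seen = defaultdict(set)   # (src, window index) -> destination set
    flagged = set()
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, proto, src, dst, length = parse_flow(line)
        if proto != "udp" or not MIN_LEN <= length <= MAX_LEN:
            continue
        bucket = (src, int(ts // window))
        seen[bucket].add(dst)
        if len(seen[bucket]) >= threshold:
            flagged.add(src)
    return sorted(flagged)

def sample_flows():
    """Constructed sample: a fan-out host, a DNS client, a single-peer talker."""
    flows = []
    for i in range(60):
        t = f"{1000 + i * 0.1:.1f}"
        # Many destinations, sizes inside the 600-1000 range: should be flagged.
        flows.append(f"{t} udp 10.0.0.5 198.51.100.{i + 1} {600 + (i * 7) % 401}")
        # Small UDP messages to one resolver: ignored by the size filter.
        flows.append(f"{t} udp 10.0.0.9 10.0.0.53 72")
        # In-range sizes but only one destination: below the fan-out threshold.
        flows.append(f"{t} udp 10.0.0.7 10.0.0.8 800")
    return flows

if __name__ == "__main__":
    print(find_scanners(sample_flows()))
```

Because the windows are tumbling rather than sliding, a burst that straddles a window boundary is counted in two halves; lower the threshold or shorten the window to compensate.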


