As reported last week, Internet security firm eEye had informed Internet Security Systems (ISS) of a vulnerability in its RealSecure and BlackICE firewall products on March 8, 2004. Now, two weeks later, the bug has been exploited, and it's wreaking havoc with supposedly "protected" systems worldwide.
Dubbed the "Witty" worm by anti-virus software vendors, the worm spreads itself using UDP port 4000, and can possibly mutate this port number on demand. But unlike many other annoying-yet-benign worms, "Witty" is extremely damaging. It remains memory-resident, spreading itself to locally available machines, and systematically overwrites the master boot record, partition tables, and random sectors of any hard drives in the compromised system. Under most circumstances this will completely destroy any data on the current hard drive. Recovery is arduous, if it's possible at all.
"Witty" got its name from a humorous message embedded in its attack packets, reading "insert.witty.message.here."
News source:
Geek.com
Bug fixes:
Fixed crash when closing history window with large history.
IE was always used as the default browser if IE was open.
Added option to set outgoing port range.
Fixed several memory leaks.
Improved proxy handling.
Rare crash on opening options.
AutoNA was not set correctly when Away was set.
Visibility list did not list all users.
Icons in URL and message contact menus didn't update when icons changed.
Reduce CPU usage in file transfer dialogs (fewer screen updates).
Many other bug fixes.
AIM: Unable to save "Only reply to users in your contact list" option.
ICQ: Failed to send or receive files from ICQ 2003b.
ICQ: Fixed a number of smaller memory leaks.
ICQ: Contact e-mail info was not displayed correctly.
ICQ: Failed to retrieve user details during certain circumstances.
ICQ: URL messages could disappear when sent through a Direct Connection.
ICQ: Nick name was not deleted from server list when local nick name was deleted.
ICQ: Server side contacts could reappear after being deleted if they were on the visible/invisible lists.
ICQ: Changing status while connecting had no effect.
ICQ: A bunch of other fixes the CVS change log if you want the big list.
Jabber: Should offline all chat rooms when go invisible (because they are actually offline).
Jabber: Miranda won't exit if more than one group chat windows are left open.
Jabber: Wrong filename encoding in file sending (signed/unsigned problem).
Jabber: Crash on connect/disconnect caused by stale contacts associated with an unknown protocol.
Jabber: Deleting group chat temporary contact unintentionally closes the chat room.
Jabber: Presence is broadcast to chat room that has denied our access.
Jabber: Graceful exit while Miranda shutdown in the middle of file transfer.
MSN: A port remained opened after the file transfer cancel.
MSN: if a contact list is very long, all contacts could be shown in the Offline mode
MSN: When you set your own nickname with spaces, it appears in the options dialog URL-encoded (with %20 instead of a space char).
MSN: Opened switchboard sessions weren't closed when you go offline without closing Miranda.
MSN: File sending does not require talking anymore.
MSN: Contacts with leading digits in the e-mail were not processed properly.
MSN: Many other bug fixes.
Enhancements:
New user is typing API (supported by ICQ/MSN/Jabber).
Messaging module moved to a plugin with many UI changes (SRMM).
Auto Away can now set protocols away if the workstation becomes locked.
Improved button control (bitmap support, flat button support).
Added options to disable systray icon flashing and adjusting blink time.
Default icon packs are automatically loaded from disk if they exist.
Added report bug menu item.
Many other enhancements.
AIM: Added user search capability.
AIM: Send messages to group chat users by double clicking name.
AIM: Added file receive support.
ICQ: Added support for sending and receiving Typing Notifications.
ICQ: Now accepts messages formatted in Unicode (note: this won’t solve the problem with displaying messages with multiple char sets).
IRC: Contacts on the contact list.
IRC: Host masks.
IRC: Ignore system.
IRC: Channel manager.
Jabber: Manual registration to Jabber services.
Jabber: Can automatically remove contacts not in roster.
Jabber: Invite and accept invitation to a group chat.
Jabber: Support composing message event (message typing notification).
Jabber: Send full JID (with resource name) when appropriate.
MSN: 'User is typing' support added.
MSN: "Invite to chat" contact menu item is added.
MSN: 'block/unlock' feature is integrated with Options->Status->Visible.
MSN: New gateway support.
**shakes head at customers**
btw: does anyone use blackice anymore? i havent seen it forever.
And if you don't have a firewall running (that means you are not runing a router either), you are WIDE open to the internet and I can guarantee you have a couple trojans, possible keyloggers, and other malicious items on your hard drive.
*Sigh*
Idiot comment of the decade. Most of the worms are so smart in how they bury themselfs that there is no way you'd know if you had one.
Is it sensible thinking to say "I'm a good bike rider so I don't need a helmet" ?
Q-E-f*cking-D.
But prevention is better than cure.
Commenting has either been disabled on this article or you are not logged in. Click here to login or register, its free!
Note: Anonymous commenting is disabled in order to keep the quality of responses to a high standard.