Educause Security Discussion mailing list archives

W32/Witty Worm Outbreak

From: "Cam Beasley, ISO" <cam () AUSTIN UTEXAS EDU>
Date: Sat, 20 Mar 2004 17:38:39 -0600

FYI, this worm has been very active across the
Internet since 09:25 CST today.

More information can be found at:

http://securityresponse.symantec.com/avcenter/venc/data/w32.witty.worm.h
tml
http://www.lurhq.com/witty.html

You might keep an eye on packets of
src port UDP 4000 containing the following
string:

28 5E 2E 5E 29 20 20 20 20 20 20 69 6E 73 65 72 (^.^)      inser
74 20 77 69 74 74 79 20 6D 65 73 73 61 67 65 20 t witty message 
68 65 72 65 2E 20 20 20 20 20 20 28 5E 2E 5E 29 here.      (^.^)

Hope this is helpful.

~cam.

Cam Beasley
ITS/Information Security Office
The University of Texas at Austin
cam () austin utexas edu
---------------------------
Report Abuse To:
- abuse () utexas edu
- 512.475.9242
---------------------------

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.

Current thread:

W32/Witty Worm Outbreak Cam Beasley, ISO (Mar 20)