Educause Security Discussion mailing list archives
W32/Witty Worm Outbreak
From: "Cam Beasley, ISO" <cam () AUSTIN UTEXAS EDU>
Date: Sat, 20 Mar 2004 17:38:39 -0600
FYI, this worm has been very active across the Internet since 09:25 CST today. More information can be found at: http://securityresponse.symantec.com/avcenter/venc/data/w32.witty.worm.h tml http://www.lurhq.com/witty.html You might keep an eye on packets of src port UDP 4000 containing the following string: 28 5E 2E 5E 29 20 20 20 20 20 20 69 6E 73 65 72 (^.^) inser 74 20 77 69 74 74 79 20 6D 65 73 73 61 67 65 20 t witty message 68 65 72 65 2E 20 20 20 20 20 20 28 5E 2E 5E 29 here. (^.^) Hope this is helpful. ~cam. Cam Beasley ITS/Information Security Office The University of Texas at Austin cam () austin utexas edu --------------------------- Report Abuse To: - abuse () utexas edu - 512.475.9242 --------------------------- ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Current thread:
- W32/Witty Worm Outbreak Cam Beasley, ISO (Mar 20)