SecurityHome.eu Win32.Worm.Witty.A

Home / malware PDF

Win32.Worm.Witty.A

First posted on 21 November 2011.
Source: BitDefender
Aliases :
Win32.Worm.Witty.A is also known as W32.Witty.Worm, (Symantec.
Explanation :
The worm uses a vulnerability found in ISS Products which incrrectly handle ICQ Parsing requests.
When the exploit successes the worm initializes a few internal variables used next for multiplication.
After that it sends itself to 20000 random IPs on port 4000 UDP to expoit possible victims.
As a payload the malware overwrites data with garbage on the first 8 physical disks, randomly chosen, at random positions.
Finally the worm cycles infinetely from the point where it sends itself.
Last update 21 November 2011

TOP

Malware :

RATDispenser
whispergate
Borat RAT
Trojanized X_Trader
BlackLotus

Last 20