Trinity Security warns of New 'Witty' Worm skidding on Black ICE

Trinity Security Services issued another security warning to businesses today as a new Slammer-like worm dubbed 'Witty' continues to spread, generating large amounts of network traffic and leaving ruined computers in its wake. The worm caused havoc in the City over the weekend and destroyed or damaged tens of thousands of computers worldwide.

The worm, which appeared over the weekend, exploits a weakness in the
widely used Black Ice security products, and is not detected by
antivirus software, as it resides in memory. The "Witty" worm writes
random data onto the hard drives of computers equipped with the Black
Ice and RealSecure Internet firewall products, causing the drives to
fail and making it impossible to restart the PCs.

Ironically, the worm only affects systems running Black Ice, an
intrusion detection product from Internet Security Systems. It exploits a
vulnerability in ICQ instant messaging protocol parsing. Infected hosts
will send large amounts of UDP traffic, typically saturating a local
network connection. The traffic originates from port 4000. Once Witty is
active, the user will no longer be able to close Black Ice, instead
receiving a message reading "Operation could not be completed. Access is
denied".

Unlike many recent worms such as Netsky.B that arrived as e-mail
attachments, Witty spreads automatically to vulnerable computers without
any action on the part of the user. This is a classic example, claims
Simon Jenner of Trinity Security Services, of how worms and viruses are
becoming increasingly intelligent and why companies need to ensure their
security systems are completely up to date and fully capable of
protecting them against these types of attacks. The Witty worm is
different and in some respects more destructive because it renders the
computer useless. Patches are now available from the vendor, and it
should be noted that the cost of infection from Witty is amongst the
highest in the range of worms seen so far, and may be the highest
depending on what is in store for the rest of the year. 2004 has so far
seen systematic infections, and Jenner urges companies to take action now
and be ready for any further attacks in line with this worrying trend.
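
As an added example (not part of the original release, nor Trinity or vendor tooling), the sketch below flags hosts showing the traffic pattern described above: UDP sent from source port 4000 to many distinct destinations in a short window. The flow-record format, the thresholds and the sample addresses are assumptions constructed for illustration.

```python
from collections import defaultdict

WITTY_SRC_PORT = 4000    # source port stated in the text above
MIN_DISTINCT_DSTS = 20   # assumed fan-out threshold, tune per network
WINDOW_SECONDS = 10      # assumed sliding-window length

def parse_flow(line):
    """Parse 'ts proto src_ip:port dst_ip:port bytes' (constructed format)."""
    ts, proto, src, dst, nbytes = line.split()
    src_ip, src_port = src.rsplit(":", 1)
    dst_ip, _dst_port = dst.rsplit(":", 1)
    return float(ts), proto.upper(), src_ip, int(src_port), dst_ip, int(nbytes)

def suspect_hosts(lines, min_dsts=MIN_DISTINCT_DSTS, window=WINDOW_SECONDS):
    """Return {src_ip: peak distinct destinations per window} for flagged hosts."""
    events = defaultdict(list)
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        try:
            ts, proto, src_ip, sport, dst_ip, _ = parse_flow(line)
        except ValueError:
            continue  # skip malformed records instead of aborting the scan
        if proto == "UDP" and sport == WITTY_SRC_PORT:
            events[src_ip].append((ts, dst_ip))
    flagged = {}
    for src_ip, evs in events.items():
        evs.sort()
        best, start = 0, 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1  # slide the window forward
            best = max(best, len({d for _, d in evs[start:end + 1]}))
        if best >= min_dsts:
            flagged[src_ip] = best
    return flagged

def constructed_sample():
    """Constructed flow records (documentation address ranges), not real traffic."""
    lines = ["# ts proto src dst bytes"]
    for i in range(30):
        t = f"{100 + i * 0.1:.1f}"
        # fan-out from source port 4000: the pattern of interest
        lines.append(f"{t} UDP 192.0.2.5:4000 198.51.100.{i + 1}:{20000 + i} 1100")
        # same source port but a single peer: no fan-out, not flagged
        lines.append(f"{t} UDP 192.0.2.9:4000 198.51.100.200:4000 80")
        # fan-out from a different source port: not flagged
        lines.append(f"{t} UDP 192.0.2.7:53 198.51.100.{i + 1}:33000 120")
    lines.append("garbage line")
    return lines

if __name__ == "__main__":
    print(suspect_hosts(constructed_sample()))
```

The fan-out threshold separates a scanning host from a single client-to-peer conversation that happens to use the same source port.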

Trinity Security Services offer a range of services to help an
organisation maximise protection of its information assets against worms
such as Witty. Further information on our services can be found on
www.trinitysecurity.com or by e-mailing us at info@trinitysecurity.com

About Trinity Security Services
Trinity is a leading independent information security solutions and
services provider. Customers include a range of FTSE 250 companies
across UK and Europe.

Trinity provides its customers with market leading expertise, delivering
solutions ranging from the technical such as IDS, VPN and E-commerce, to
strategic services including security policy and procedure development.

All Trinity consultants are hand-picked and the best in their field,
ensuring that Trinity is strategically placed to deliver services and
solutions.

For further information contact: Simon Jenner CISSP - Principal
Security Consultant Simon.Jenner@trinitysecurity.com - (Mobile) 07780
603 307 - (DDI) 0870 3501284

Images can be accessed at:
http://www.trinitysecurity.com/Press/Trinity-Simon-Jenner-Press.jpg

Waheed Warden, MCIM
Channel Marketing Manager
Trinity Security Services
Waheed.Warden@trinitysecurity.com
www.trinitysecurity.com

M +44 (0) 7879 647 497
T +44 (0) 870 350 1284
F +44 (0) 845 280 2712

We don't compromise on your security