Witty

[Witty targeted a firewall product:] When users participating in the best security practice that can be reasonably expected get infected with a virulent and damaging worm, we need to reconsider the notion that end user behavior can solve or even effectively mitigate the malicious software problem and turn our attention toward both preventing software vulnerabilities in the first place and developing large-scale, robust and reliable infrastructure that can mitigate current security problems without relying on end user intervention.

Colleen Shannon and David Moore of the Cooperative Association for Internet Data Analysis (CAIDA) offer a fascinating and rather frightening analysis of last week’s Witty worm.  It’s dangerous out there, folks.

Witty seems to have been an orchestrated attack, albeit using an opportunistic method.  The paper argues convincingly that we’re using the wrong security model; if we don’t change, the bad guys are gonna take down a lot of computers.  Doesn’t matter if it’s a prank or something really malicious, it’s going to be costly regardless.

Link courtesy of Mikko Hyppönen/F-Secure


Here’s a technical analysis of Witty, from Matthew Murphy. It is also worth a read, if you didn’t mind slogging through code.