analysis of the Witty worm
Steven M. Bellovin
smb at cs.columbia.edu
Wed Jun 1 21:05:28 EDT 2005
Readers of this list may be interested in an analysis of the Witty
worm's spread by Kumark, Paxson, and Weaver. An article summarizing
the paper is at http://www.zdnet.co.uk/print/?TYPE=story&AT=39200183-39020375t-10000025c
A tentative conclusion is that the worm was probably written by an
insider at ISS....
The paper itself (there's a link in the article) has several more items
of interest to this list. Especially interesting is the effective
cryptanalysis of the PRNG used by the worm. Implicit in many of the
analyses, though not a focus of the paper, is the amount of information
that the authors could gather about network configurations at different
sites: as we all know, traffic analysis is a powerful technique.
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list