Witty Worm Detection
Critical Nessus Network Monitor Plugin ID 1182
SynopsisThe remote host is vulnerable to a buffer overflow.
DescriptionThe remote host is vulnerable to a series of remote vulnerabilities to the ISS IDS engine. In addition, network traffic seems to indicate that the machine was compromised by a worm (Witty) which spreads via these ISS vulnerabilities.
SolutionThe Witty worm corrupts the victim's hard drive. The victim Operating System must be reinstalled.