Witty Worm Overwrites Hard Disks



zapjb
03-22-2004, 10:30 PM
http://www.newsfactor.com/story.xhtml?story_title=Witty_Worm_Overwrites_Hard_Disks&story_id=23470#story-start

4play
03-22-2004, 11:37 PM
This is a nasty piece of work, so make sure if you're using BlackICE you are up to date.

The worm's functionality is as follows:

1) Generates a random IP address
2) Sends the worm payload
3) Repeats steps 1-2 20,000 times
4) Opens a random PHYSICALDRIVE from 0-7, which allows raw hard disk access
5) Seeks to a random point on the disk
6) Writes 65K of data from the beginning of the vulnerable DLL to the disk
7) Closes the disk
8) Starts the process over from step 1

This at one point will corrupt your file tables, making it impossible for average users to recover their data.

I have to admit it is a very well thought out virus though. It makes a change from all those horrible mass-mailing worms. This kinda destructive virus will probably educate a lot of users that your system should remain up to date or you will lose all your data to viruses like this.

Another thing with this virus is that it remains in memory at all times, so it is never written to disk. I wonder how many antiviruses will never be able to detect this virus because of this.

WolverineDK
03-23-2004, 12:23 AM
Well, what about a DOS start disc? (Write-protect the shite, of course) and then run McAfee? Viral removal?

4play
03-23-2004, 12:34 AM
There will be no virus to remove; it is destroyed when you switch the PC off because it's only stored in RAM.

And try mounting an NTFS partition with a DOS disk ;)

Your best bet would be a Linux live CD that can mount NTFS drives.

supersonic
03-23-2004, 01:25 AM
Blocked access to port 4000 for all processes (although it is blocked, in use and stealthed). That should keep us safe for sumt!m3.