I got hit by the Witty Worm, I did. (Login for the Post if you need it.) Totally hosed the boot sector of my Alienware…I’ve got the system running, but somehow, when I was recovering the system, I seem to have installed Windows a second time…which shouldn’t, theoretically, be possible. I’m still trying to figure out how much of my data has been corrupted.
The worm payload was yesterday, and so while many geeks are talking about it, most of the people who actually got hit with it don’t have functional systems and most of them don’t know how to recover a system that had its boot sector eaten…so it may be a few days before enough people understand what happened that I can explain how I recovered my system…and then see if somebody can figure out how the heck I installed Windows a second time, but didn’t blow away my original Windows.
Anyway, if you’re running Black Ice firewalls, go patch your software, or you too will be learning how much fun it is to try and recover a Windows box. (I just, and I mean, just bought this software…ironic when software I bought to protect the system is the software that let it get destroyed.)
I was infected by users at texas.net who are even now pounding huge volumes of this worm out across the net. If you’re seeing a lot of UDP traffic from aus.texas.net users, let me know and I’ll give you the range of IPs to block at your firewall.