The CAIDA Dataset on the Witty Worm 

This dataset contains information useful for studying the spread
of the Witty worm.  The dataset is divided into two portions: a
publicly available set of files that contain summarized information
that does not individually identify infected computers, and a set
of files that do contain more sensitive information, including
packet traces containing complete IP and UDP headers and partial
payload received from hosts spreading the Witty worm.

Data included in the Witty Dataset includes:

Publicly Available:
	- distribution of start and end times of witty-infected computers
	- distribution of durations witty-infected computers were observed
	  to be transmitting the worm
	- country distribution of witty-infected computers
	- estimated connection types of witty-infected computers
	- RouteViews routing tables for March 20-26 (also available from
	  www.routeviews.org)

Restricted Access:
	- summaries of the start and end times each witty-infected computer
	  was observed to be spreading the worm.
	- summaries of the duration each witty-infected computer was
	  observed to be transmitting the worm
	- the country each witty-infected computer is estimated to be in
	- the hostname of each witty-infected computer as of March 24, 2004
	- a table with the start and end times of each hosts's activity with packet
	  byte traffic volumes.
	- packet trace containing Witty worm trafffic monitored by the UCSD
	  Network Telescope between Fri Mar 19 20:01:40 PST 2004 and Wed
	  Mar 24 23:01:40 PST 2004.

No portion of the CAIDA Dataset on the Witty Worm may be redistributed.

All users who publish (in any venue, including presentations, web pages,
and papers) data from this dataset must provide CAIDA with a copy of the
publication and must cite:
	The CAIDA Dataset on the Witty Worm - March 19-24, 2004,
	Colleen Shannon and David Moore,
	http://www.caida.org/passive/witty/.   Support for the Witty
	Worm Dataset and the UCSD Network Telescope are provided
	by Cisco Systems, Limelight Networks, the US Department of
	Homeland Security, the National Science Foundation, and
	CAIDA, DARPA, Digital Envoy, and CAIDA Members.

For more information on the Witty worm, see:
    ISS Vulnerability:
	http://www.eeye.com/html/Research/Advisories/AD20040318.html
	http://seclists.org/lists/bugtraq/2004/Mar/0181.html
	http://xforce.iss.net/xforce/alerts/id/166
	http://securityresponse.symantec.com/avcenter/venc/data/w32.witty.worm.html
    Witty Worm Analysis:
	http://www.caida.org/analysis/security/witty/
	http://www.lurhq.com/witty.html
	http://www.caida.org/analysis/security/witty/BlackIceWorm.html

For more information on the UCSD Network Telescope, see:
	http://www.caida.org/data/passive/network_telescope.xml#worm
	http://www.caida.org/analysis/security/telescope/

The CAIDA Dataset on the Witty Worm was sponsored by:
	Cisco Systems, Inc
	Limelight Networks
	The US Department of Homeland Security
	The National Science Foundation
	The Defense Advanced Research Projects Agency
	Digital Envoy
	CAIDA Members

Special thanks to Brian Kantor, Jim Madden, and Pat Wilson at UCSD for
support of the UCSD Network Telescope Project.