In an opinion piece for Computer World, Bruce Schneier lists a few lessons we can learn from the Witty Worm
Twelve thousand machines was the entire vulnerable and exposed population, and Witty infected them all - worldwide - in 45 minutes. It’s the first worm that quickly corrupted a small population.
It was less than 700 bytes long. It used a random-number generator to spread itself, avoiding many of the problems that plagued previous worms. It spread by sending itself to random IP addresses with random destination ports, a trick that made it easier to sneak through firewalls. It was - and this is a very big deal - bug-free. This strongly implies that the worm was tested before release.
Bruce finished his opinion piece on this note:
Witty represents a new chapter in malware. If it had used common Windows vulnerabilities to spread, it would have been the most damaging worm we have seen yet. Worm writers learn from each other, and we have to assume that other worm writers have seen the disassembled code and will reuse it in future worms. Even worse, Witty’s author is still unknown and at large - and we have to assume that he’s going to do this kind of thing again.
We need to consider that current worms plaguing the Windows System are written by incompetent programmers; how will Windows fare when a more competent programmer like the Witty Worm programmer steps up to bat?
via Rafe Colburn