It was the first worm to take advantage of vulnerabilities in the very pieces of software designed to enhance network security, and carried a destructive payload, unlike previous worms.
It is so named because the phrase "(^.^) insert witty message here (^.^)" appears in the worm's payload.
On March 19, 2004, the 'Witty' worm began infecting hosts connected to the Internet (and running the vulnerable ISS software) without any seed population.
[1] Within a half-hour it infected 12,000 computers and was generating 90 Gbit/s (gigabits per second) of UDP traffic.
Witty launches these attacks as fast as possible, attacking a pseudo-random subset of IP addresses as quickly as allowed by the computer's Internet connection.