New Worm Targets Weak Windows Passwords

Advertisement (Why?)

A new worm on the Internet targets computers running the Microsoft Windows operating system, using easy-to-guess passwords for the Administrator account, according to alerts posted by a number of antivirus companies. The new worm, W32/Deloder-A (Deloder), appeared on Sunday and is considered a low risk for infection, according to an alert posted by F-Secure of Helsinki, Finland.

Deloder is believed to have originated in China, F-Secure said. The worm attempts to connect to other computers on a network through TCP (Transmission Control Protocol) port 445, randomly generating IP addresses to locate vulnerable machines. Port 445 is used to access shared files on Windows machines with the Server Message Block protocol.

When a vulnerable Windows machine is located, the worm attempts to log on to the machine's Administrator account by trying 50 likely passwords such as "admin," "password," "12345," and "administrator," F-Secure said. If the worm succeeds in breaking the Administrator account password, it places copies of a backdoor, (trojan) program known as "inst.exe" in several locations on the infected machine.

View: Article @ Pcworld.com

soooo whos password is 1234??? Post below.

:D

#1 Solarix on 10 Mar 2003 - 20:52

no no see its all about 1235 ya know , duh now thats true security!

(1 reply) #2 Mr magoo on 10 Mar 2003 - 21:00

or hello1 another genius password

and lets not forget qwerty,asdf,1234, and that age old classic of fuck you

#2.1 Edge on 10 Mar 2003 - 21:02

LoL.

#3 leebobs on 10 Mar 2003 - 21:13

Lame ass passwords, no firewalls and no virus protection. Lay persons are why computer security is so poor.

#4 Klownicle on 10 Mar 2003 - 22:36

If someone doesn't have secruity they deserve it, let alone use a password of 12345. *sighs*

(5 replies) #5 Sierra_Whiskey on 11 Mar 2003 - 01:14

my password has over 18 digits. upper and lower case, numbers and special symbols e.g. © ... internal admin account has even more digits... i guess that should be ok

#5.1 JaggedFlame on 11 Mar 2003 - 01:19

Wow. I'll settle for a 6-10 character generated alphanumeric password.

#5.2 Jason on 11 Mar 2003 - 01:28

setting up a password policy of: not allowing the same password, making them change them regular having a minimum of what ever amount of letters you define (10 is good) then teaching the staff to use alphanumeric together in random order and not putting the password on a post it note on or near their desk.

#5.3 Jon on 11 Mar 2003 - 02:55

Its all very well having a good password *policy*, but how many users follow it, and if forced, how many will complain? Complex passwords seem to solve the problem for us techies, but to the users, they are a nightmare, and they will do anything to avoid using them! In my experience in a corporate environment I've found that users know little or nothing about password security, and simply fail to absorb it when you teach them, which means the emphasis has to be very clearly shifted to internal network security via permissions.

#5.4 JaggedFlame on 11 Mar 2003 - 06:05

Not only that, but if you force it upon them, they usually resort to strategies such as writing them down to remember them. That just sucks.

#5.5 leebobs on 11 Mar 2003 - 08:46

Fingerprint scanners baby, the best password I ever had and it is unique to me!!

(7 replies) #6 mr_da3m0n on 11 Mar 2003 - 03:01

The article on [url=http://www.slashdot.org]slashdot[/url] says that for once it isn't microsoft fault

Weeeeeeell, I suppose that not enforcing strong passwords like unix is part of it. However... stupid people who use qwerty (or azerty, let's not forget our french friends even if they keyboard layout sucks) as a root/admin password deserve what happens to them, you know? Since Windows XP came out, I see LOTS of blank admin passwords

#6.1 Octol on 11 Mar 2003 - 03:21

If I live to be a thousand years old I'll never understand why MS does such stupid s**t like hiding file extensions and creating no-password Administrator accounts by default. Go figure.

#6.2 aristofeles on 11 Mar 2003 - 04:31

Why use a password, when I am the only one who will ever use this pc? All i want to do is log on my machine as admin and as fast as possible. Thats a GREAT option.

#6.3 JaggedFlame on 11 Mar 2003 - 06:06

The problem is when they use blank sa passwords in SQL Server. I wish they would fix that already.

#6.4 Tom Servo on 11 Mar 2003 - 10:01

Logging on as admin as fast as possible without pass? If that's a joke tell me now, because else I'll say give me your IP and I will remotely kill your computer. If Yukon still allows the setting of a blank password, then I don't know.

#6.5 Octol on 11 Mar 2003 - 13:56

[neoquote=#6.2 by aristofeles]Why use a password, when I am the only one who will ever use this pc? All i want to do is log on my machine as admin and as fast as possible. Thats a GREAT option.[/neoquote] How about having both a password [i]and[/i] the ability to logon automatically? Just install Microsoft's TweakUI utility and you can do just that. Then someone would need physical access to your computer to screw with it.

#6.6 JaggedFlame on 11 Mar 2003 - 16:36

Isn't physical access pretty much a given on corporate workstations? I guess you can lock the server room, but how much harder is it to get that extra security by spending all of two seconds to type in a password?

#6.7 Octol on 11 Mar 2003 - 18:21

[neoquote=#6.6 by JaggedFlame]Isn't physical access pretty much a given on corporate workstations? I guess you can lock the server room, but how much harder is it to get that extra security by spending all of two seconds to type in a password?[/neoquote] Absolutely. Such advice is strictly for home PCs users and others with [i]guaranteed[/i] exclusive access to their system.

#7 BigGeek on 11 Mar 2003 - 13:50

Hmmmmmm......Sooooo If someone has no password for the admin will this worm figure that out???? LOL

#8 Wazz on 12 Mar 2003 - 09:13

Does anyone know what the Trojan does, ie...what it has the ability to do..... I know VNC is mainly just a remote access but wondered if the Trojan the worm drops is more dangerous..Cheers

Commenting has either been disabled on this article or you are not logged in. Click here to login or register, its free!

Note: Anonymous commenting is disabled in order to keep the quality of responses to a high standard.

Neowin.net