New 'Iraq oil' network worm found

A new network worm that spreads through shared folders on machines running Microsoft Corp."s Windows NT, 2000 and XP operating system has been detected, according to advisories posted by a number of antivirus software makers Tuesday.

The new worm, called W32/Lioten, also goes by the name Iraq_oil, Datrix, W32.Lioten, and I-Worm.Lioten, according to an advisory posted by Helsinki, Finland security company F-Secure Corp.

Unlike other worms that spread through mass e-mailing, Lioten scans the Internet for vulnerable Windows machines that are sharing folders with other users on a home or business network.

The worm finds new hosts to infect by randomly generating and attempting to connect to IP (Internet Protocol) addresses on the Internet. The worm listens for responses on port 445 from machines using Windows Server Message Block (SMB), a file and resource sharing protocol used in Windows environments.

Once the new worm receives a response from a server, it attempts to crack that machine using a so-called "brute force" attack. The worm first obtains a list of user accounts on the machine and then attempts to log in to each of those accounts by supplying values from its own list of likely passwords such as "admin," "root," "1234" and "asdf".

View: Full Story

News source: PC World Australia

Report a problem with article
Next Article

Microsoft scraps Hailstorm

Previous Article

Red Hat's revenue on the uptake