Cameras
Camcorders
Cell Phones
Components
Desktops
HDTV
Home Theater
GPS
Laptops
Monitors
MP3 Players
Networking &
Printers
Storage
WiFi Finder
Locate wireless services by a specific address, city, state, country, airport, or zip code.
'Iraq Oil' Worm Oozes Onto the Net
Vaccines available for apparently innocuous worm, which seeks out Windows NT, 2000, and XP online.
Paul Roberts, IDG News Service
A new network worm that spreads through shared folders on machines running Microsoft Windows NT, 2000, and XP has been detected, according to advisories posted by a number of antivirus software makers.
The new worm, called W32/Lioten, also goes by the name Iraq_oil, Datrix, W32.Lioten, and I-Worm.Lioten, according to an advisory posted by security company F-Secure of Helsinki, Finland on Tuesday.
It is not known what else the worm does besides propagate itself, nor is the relevance of the "Iraq oil" reference understood, F-Secure said.
Definitions Updated
Unlike other worms that spread through mass e-mailing, Lioten scans the Internet for vulnerable Windows PCs that are sharing folders with other users on a home or business network.
Leading antivirus software makers, including Symantec; Network Associates, maker of McAfee; F-Secure; and Sophos gave Lioten a "low" threat rating. They indicate the worm has not spread widely on the Internet and few if any infections linked to the Lioten worm have been reported.
Still, antivirus companies on Tuesday posted updated virus definitions that are capable of detecting the Lioten worm. They all recommend that customers running the affected operating systems download the latest virus definitions for their antivirus software.
Machines that are located behind a firewall are likely to be protected from the new worm. Even basic firewall configurations will block access to port 445, according to F-Secure.
How It Wiggles
The worm finds new hosts to infect by randomly generating and attempting to connect to IP addresses on the Internet. The worm listens for responses on port 445 from machines using Windows Server Message Block (SMB), a file and resource-sharing protocol used in Windows environments.
Once the new worm receives a response from a server, it attempts to crack that PC using a so-called brute force attack. The worm first obtains a list of user accounts on the PC and then attempts to log in to each of those accounts by supplying values from its own list of likely passwords such as "admin," "root," "1234" and "asdf."
If the worm is successful in logging on to a PC using any of the user accounts, it places a copy of itself, iraq_oil.exe, in the System32 directory on that system and creates a process on the machine to run the new executable.
Laptop Showcase
The Best of PC World
People who read this also read:
Best Prices on Security Software
Norton Internet Security 2010 - 3 UsersPrice: $26.30
Norton Internet Security 2010 - 3 UserPrice: $26.30
Internet Security 2010Price: $31.91
Norton 360 Version 3.0 - 3 LicensesPrice: $39.99
Total Protection 2010 - 3 UserPrice: $26.97
Norton 360 Version 3Price: $39.00
-
Perfect Printing Solutions Find just the right All-in-One printer for you from HP. Visit the HP Resource Center.
-
Lenovo Laptop Showcase Find out how Lenovo IdeaPads and Thinkpads balance performance and portability. Visit the Lenovo Resource Center for more info...
