dcsimg

Worm Spreads Without Help From Email, Web

The security software company F-Secure says it has found a worm in the wild that spreads not through email or via Web links, but through Windows shared folders.

WEBINAR:

You Can't Detect What You Can't See: Illuminating the Entire Kill Chain


On-Demand Webinar

The security software company F-Secure on Tuesday said it found a worm in the wild that spreads not through email or via Web links, but through Windows shared folders.

Lioten, also known as Iraq_Oil, scans the internet for Windows 2000 and Windows XP machines that are not protected by a firewall and have shared folders implemented, which allows multiple users to share files on one of the user's systems.

Once such a machine is found, the worm guesses a password and logs in to the machine, F-Secure says. It then copies itself as an executable file (usually named iraq_oil.exe) and executes, thus launching a search for other machines to infect. The worm launches 100 threads, each of which starts generating random IP numbers.

"Lioten just spreads -- there is no further payload," says Mikko Hypponen, manager of anti-virus research for F-Secure, based in Finland. "It is quite a small virus."

The worm exploits the Windows Server Message Block (SMB) service at a port 445, which can be blocked with basic firewall techniques.

F-Secure ranked Lioten at its second-most serious level, Level 2, defined as new virus causing large infection that might be local to a specific region.






0 Comments (click to add your comment)
Comment and Contribute

 


(Maximum characters: 1200). You have characters left.

 

 

IT Management Daily
Don't miss an article. Subscribe to our newsletter below.

By submitting your information, you agree that datamation.com may send you Datamation offers via email, phone and text message, as well as email offers about other products and services that Datamation believes may be of interest to you. Datamation will process your information in accordance with the Quinstreet Privacy Policy.