Friday, March 29, 2024

Worm Spreads Without Help From Email, Web

Datamation content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

The security software company F-Secure on Tuesday said it found a worm in the wild that spreads not through email or via Web links, but through Windows shared folders.

Lioten, also known as Iraq_Oil, scans the internet for Windows 2000 and Windows XP machines that are not protected by a firewall and have shared folders implemented, which allows multiple users to share files on one of the user’s systems.

Once such a machine is found, the worm guesses a password and logs in to the machine, F-Secure says. It then copies itself as an executable file (usually named iraq_oil.exe) and executes, thus launching a search for other machines to infect. The worm launches 100 threads, each of which starts generating random IP numbers.

“Lioten just spreads — there is no further payload,” says Mikko Hypponen, manager of anti-virus research for F-Secure, based in Finland. “It is quite a small virus.”

The worm exploits the Windows Server Message Block (SMB) service at a port 445, which can be blocked with basic firewall techniques.

F-Secure ranked Lioten at its second-most serious level, Level 2, defined as new virus causing large infection that might be local to a specific region.

Subscribe to Data Insider

Learn the latest news and best practices about data science, big data analytics, artificial intelligence, data security, and more.

Similar articles

Get the Free Newsletter!

Subscribe to Data Insider for top news, trends & analysis

Latest Articles