Results 1 to 7 of 7

Thread: Warning New Virus

  1. #1
    The Deloder worm, which spreads by communicating with Windows computers that have file sharing enabled, may have spread to perhaps as many as 10,000 systems using a list of 86 passwords to break into computers running Microsoft Windows NT, 2000 and XP. While not an epidemic, the attack did highlight that people frequently choose easily guessable passwords to guard their computers' security.
    "Whether it is a worm or human being that is trying to break into any machine, English words are easy passwords to crack," said Steve Trilling, senior director of research for security software maker Symantec.

    Bad passwords are a major chink in the Internet armor surrounding company networks and home computers--one that worms and viruses will frequently exploit.

    The recent LovGate worm--which appeared on the Internet two weeks ago--uses a list of 16 passwords as a secondary way to infect computers. The current Deloder worm, also called W32.HLLW.Deloder by Symantec and W32/Deloder.worm by Network Associates, uses its longer list as the primary attack on Internet-connected computers.

    It's not surprising that worm writers have started using the technique. By some estimates, a third of computer passwords can be found by systematically trying every word in a smallish dictionary. Limited attacks, such as those using a small dictionary of words that could be bundled up in worm code, have fewer successes but are much faster.

    The Deloder worm shows the speed of such attacks. The worm caused a spike in traffic on Saturday and Sunday, but after the weekend had begun to level off, said Johannes Ullrich, chief technology officer for the Internet Storm Center, a service that tracks attacks.

    On Saturday, the Internet Storm Center detected Server Message Block (SMB) requests from almost 15,000 sources. The SMB protocol is used by Microsoft for file sharing and is normally used within corporate networks, not on the Internet. For the most part, the service averages about 4,000 such requests. The ISC had increased its threat assessment to a "yellow," or medium rating, over the weekend because of the worm's spread, but decreased the grade to "green" by the end of day Monday.

    Ullrich stressed that bad passwords aren't the only culprit; PC users shouldn't have file sharing turned on, either.

    "A strong password would slow the worm down," he said. "But in reality, the best thing to do is to block file sharing. There is no good reason to use this protocol over the Internet."

    The Deloder worm uses Windows file sharing to spread, sending attack data to potential victims using port 445. Ports are software addresses that applications use to communicate with other programs running on other computers. The Windows operating system uses port 445 to send data to other computers with whom files are being shared.

    On computers that it compromises, the worm will install two programs that allow an attacker to issue commands to the victim computer over the Internet

    [Source blackcode]

  2. File Sharing   -   #2
    Join Date
    Feb 2003
    Manitoba Canada
    Good info, slightly helpful but interesting

  3. File Sharing   -   #3
    Thanks for warning people, but virus alerts are always going to come. So best way is to keep your AV updated. If you do get a virus, it happens.

  4. File Sharing   -   #4
    merlin-1's Avatar Poster
    Join Date
    Mar 2003
    I check my AV for updates at least twice a week.

  5. File Sharing   -   #5
    SuperJude™'s Avatar IRC Interloper
    Join Date
    Dec 2002
    Woodstock NY
    Interesting stuff.

    Of course I caught the subtle part at the end about filesharing, but really with the facilities I have downloaded from filesharing, my pc is pretty tight right now in terms of scurity.

    "We Love You SuperJude!"- the fans

  6. File Sharing   -   #6
    sArA's Avatar Ex-Moderatererer
    Join Date
    Feb 2003
    Yeah, but don't it just piss you off that there are these clever people with nothing better to do than screw with people's computers...I mean its not like they can actually see the frustration on our faces each time another infection is spotted by the AV......sad, sad gits!

  7. File Sharing   -   #7
    Join Date
    Dec 2002
    HELL-you will be too_$oon enough
    what pisses me off is that there are people without proper virus protection


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts