New 'Iraq oil' network worm found
A new network worm that spreads through shared folders on machines running Microsoft Corp.'s Windows NT, 2000 and XP operating system has been detected, according to advisories posted by a number of antivirus software makers Tuesday.
The new worm, called W32/Lioten, also goes by the name Iraq_oil, Datrix, W32.Lioten, and I-Worm.Lioten, according to an advisory posted by Helsinki, Finland security company F-Secure Corp.
Unlike other worms that spread through mass e-mailing, Lioten scans the Internet for vulnerable Windows machines that are sharing folders with other users on a home or business network.
The worm finds new hosts to infect by randomly generating and attempting to connect to IP (Internet Protocol) addresses on the Internet. The worm listens for responses on port 445 from machines using Windows Server Message Block (SMB), a file and resource sharing protocol used in Windows environments.
Once the new worm receives a response from a server, it attempts to crack that machine using a so-called "brute force" attack. The worm first obtains a list of user accounts on the machine and then attempts to log in to each of those accounts by supplying values from its own list of likely passwords such as "admin," "root," "1234" and "asdf".
If the worm is successful in logging on to a machine using any of the user accounts, it places a copy of itself, iraq_oil.exe, in the System32 directory on that machine and creates a process on the machine to run the new executable.
It is not known what else the worm does besides propagate itself, nor is the relevance of the "Iraq oil" reference understood, F-Secure said.
Machines that are located behind a firewall are likely to be protected from the new worm. Even basic firewall configurations will block access to port 445, according to F-Secure.
Leading antivirus software makers including Symantec Corp., Network Associates Inc., makers of McAfee, F-Secure Corp., and Sophos PLC gave Lioten a "low" threat rating, indicating that the worm has not spread widely on the Internet and few if any infections linked to the Lioten worm have been reported.
Still, antivirus companies on Tuesday posted updated virus definitions that are capable of detecting the Lioten worm and recommended that customers running the affected operating systems download the latest virus definitions for their antivirus software.
ITworld.com
Symantec Backup Exec 12 and Backup Exec System Recovery 8 deliver industry leading Windows data protection and system recovery. Download this whitepaper to find out the top reasons to upgrade and how to get continuous data protection and complete system recovery.
Data and system loss — from a hard drive failure, malicious attack, natural disaster, or simple human error — can happen anytime. Don’t leave your business vulnerable. Make sure you have a secure recovery strategy in place. Symantec's latest backup and system recovery technology can efficiently restore critical applications, individual emails and documents and even restore your entire system in minutes in the event of a loss.
Businesses face a growing challenge to ensure that the IT environment is properly protected. Backup Exec 12 integrates with other applications in the Symantec family of products, to complement your current data protection strategy, keep your data securely backed up and make it recoverable when you need it most.
VMware ESX Server in the Enterprise
By Edward L. Haletky
Published Dec 29, 2007 by Prentice Hall.
Enter now! | Official rules | Sample chapter
Green IT
By Toby Velte, Anthony Velte, Robert C. Elsenpeter
To be published Oct. 10, 2008 by McGraw Hill Professional
Enter now! | Official rules | About the book
