By Andrew Colley, 18 December 2002 14:30
A new Windows worm has appeared on the scene, but is so poorly designed that it is unlikely to spread, according to security experts.

Anti-virus vendor Sophos has moved to arrest panic over the appearance of a new computer worm, saying its method of propagation makes it highly unlikely to succeed.

The new worm, tagged in anti-virus vendor reports as W32/LIOTEN.A (Net-Oil spelt backwards), attempts to crack into weakly configured Windows 2000 and XP machines. However, according to Sophos, even if the worm is successful, it is highly unlikely that it will be able to do anything once it has breached the target machine.

The worm attempts to break into machines by generating fake IP addresses and scanning them for a listening TCP port 445. If a machine associated with one of the IPs exists and has a weak security configuration, the worm may be able to obtain a list of valid usernames from it. The worm would then attempt to log on to the machine using a series of common passwords. If the worm logs on successfully, it attempts to detonate on the target machine to perpetuate its travel to new targets.

Paul Ducklin, spokesman for Sophos, said: "It makes a copy of itself but it's very unlikely that it would spread from the machine it has copied itself onto."

"It's interesting to note that we haven't had any reports from people actually infected by it and nor, it appears, have any of the other major anti-virus vendors," said Ducklin.

Andrew Colley writes for ZDNet.co.uk
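The scanning behaviour described above (one host probing many generated addresses on TCP port 445) shows up in flow or firewall logs as an unusually high number of distinct port-445 destinations from a single source. The following is an added example, not code from the article or from Sophos; the log format, the threshold and all addresses are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

SMB_PORT = 445
WINDOW = timedelta(seconds=60)
MAX_DISTINCT_DESTS = 20   # assumed threshold; tune to your own network

def parse(line):
    """Parse 'ISO8601 src dst dport' (hypothetical flow-log format)."""
    ts, src, dst, dport = line.split()
    return datetime.fromisoformat(ts), src, dst, int(dport)

def find_smb_scanners(lines, window=WINDOW, limit=MAX_DISTINCT_DESTS):
    """Return {src: peak distinct TCP/445 destinations inside any window}
    for every source whose peak exceeds `limit`."""
    events = defaultdict(list)
    for line in filter(str.strip, lines):      # skip blank lines
        ts, src, dst, dport = parse(line)
        if dport == SMB_PORT:
            events[src].append((ts, dst))
    flagged = {}
    for src, evs in events.items():
        evs.sort()
        start, peak = 0, 0
        counts = defaultdict(int)   # dst -> occurrences inside the window
        for ts, dst in evs:
            counts[dst] += 1
            # Slide the window: evict events older than `window`.
            while ts - evs[start][0] > window:
                old = evs[start][1]
                counts[old] -= 1
                if counts[old] == 0:
                    del counts[old]
                start += 1
            peak = max(peak, len(counts))
        if peak > limit:
            flagged[src] = peak
    return flagged

def constructed_sample():
    """Constructed records: one scanner, one ordinary file-share client."""
    t0 = datetime(2002, 12, 18, 14, 0, 0)
    rows = []
    for i in range(40):   # 10.0.0.23 sweeps 40 different addresses in 40 s
        rows.append(f"{(t0 + timedelta(seconds=i)).isoformat()} 10.0.0.23 198.51.100.{i + 1} 445")
    for i in range(40):   # 10.0.0.7 talks to a single file server
        rows.append(f"{(t0 + timedelta(seconds=i)).isoformat()} 10.0.0.7 10.0.0.5 445")
    rows.append(f"{t0.isoformat()} 10.0.0.7 203.0.113.9 80")   # non-SMB traffic
    return rows
```

Calling `find_smb_scanners(constructed_sample())` flags only the sweeping host; the client that repeatedly contacts a single file server stays below the threshold.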