Viruswarn Forums
EldAztek, 03/10/2003 9:59 PM
What is it?
Lately there's been an uptick in viruses and worms that both use Network Shares to spread AND have a built-in password attacker. Recently Lovgate and Deloder have been making the rounds of people's machines. These viruses and worms spread by attacking the open sharing port on TCP/IP if you have NetBIOS enabled on that protocol. (This is port 445). If you have a hardware or software firewall you're protected from such attacks by machines OUTSIDE the network, but usually NOT protected from such attacks from machines INSIDE your local network. The new twist these viruses use is that they carry a list of common passwords with them and use these passwords to attempt to get shares on your systems. Such passwords include things like "admin", "password", "help", "none" and other commonly used passwords.
What should you do?
Never run EXE programs or files from email messages. Always leave your scanner active, and get a scanner that will scan email before it hits your mailbox.
As usual we recommend that everyone use complex and relatively long passwords. It won't be long before someone puts a more sophisticated password guessing engine on one of these. A good password has the following characteristics:
1) At least 6, and preferably 8 characters or more long.
2) A mixture of upper and lower case preferably inside the word.
3) Use of at least one number and at least one symbol
An example of a poor password would be:
letmein
An example of a good password would be:
1shM43l#
Here are some passwords you should NOT use because the worm uses them to attempt to access your shares:
0
000000
00000000
007
1
110
111
111111
11111111
12
121212
123
123123
1234
12345
123456
1234567
12345678
123456789
1234qwer
123abc
123asd
123qwe
2002
2003
2600
54321
654321
88888888
a
aaa
abc
abc123
abcd
Admin
admin
admin123
administrator
alpha
asdf
computer
database
enable
foobar
god
godblessyou
home
ihavenopass
Internet
Login
login
love
mypass
mypass123
mypc
mypc123
oracle
owner
pass
passwd
Password
password
pat
patrick
pc
pw
pw123
pwd
qwer
root
secret
server
sex
super
sybase
temp
temp123
test
test123
win
xp
xxx
yxcv
zxcv
If you see your password in that list - make it better NOW :) Make sure if you change an admin password (particularly) that you have the password stashed away somewhere in a safe place where you'll remember it.
Another trick you can use for your internal network is to hide your share names by using a $ at the end of the name. For instance if you have a share called MyDocuments make it MyDocuments$. This will hide the share from a casual inspection and the network share browser - you'd need to KNOW the name of the share to get to it, adding an extra layer of protection.
If you're using Windows XP Professional, or Windows 2000, don't use "Simple" file sharing. Simple file sharing assigns a password to the share only. Use the more complex file sharing that allows you to specify what specific users may access the share. If you're not sure how to do this - have someone who knows how help you set it up correctly.
Also, if you don't NEED to have NetBIOS running on TCP/IP consider running it on another network protocol (Novell's IPX/SPX or NetBEUI). Most home networks don't require routing your NetBIOS traffic over the internet or using TCP/IP. Disabling NetBIOS on the TCP/IP interface will eliminate the ability to connect to your computer using that protocol from the outside world. The process for doing this is a bit long for this message. There are good resources at GRC.COM for disabling NetBIOS on TCP/IP:
http://grc.com/su-bondage.htm
In addition you should take the normal precautions against any virus - run good, up to date virus software, make sure your signatures and virus program versions are updated periodically, and run a full system scan periodically.
For more information:
http://www.sarc.com/avcenter/venc/data/w32.hllw.deloder.html
http://vil.mcafee.com/dispVirus.asp?virus_k=100127
http://vil.mcafee.com/dispVirus.asp?virus_k=100072
This concludes this viruswarning notice.
Lee Drake
Aztek Computer Solutions, Inc.
39 N. Goodman St.
Rochester, NY 14607
585-242-2060
For past archives of viruswarning files see:
http://www.leedrake.com/forum/default.asp?CAT_ID=2
To unsubscribe to this newsletter send me an email at:
imailsrv@azcomputer.net
And in the body type in:
Unsubscribe viruswarning