New 'oil' worm 'unlikely to succeed': Sophos

Andrew Colley ZDNet Australia

Published: 18 Dec 2002 11:57 GMT

Anti-virus vendor Sophos has moved to arrest panic over the appearance of a new computer worm, saying its method of propagation makes it highly unlikely to succeed.

The new worm, tagged in anti-virus vendor reports as W32/LIOTEN.A (Net-Oil spelt backwards), attempts to crack into weakly configured Windows 2000 and XP machines. However, according to Sophos, even if the worm is successful, it is highly unlikely that it will be able to do anything once it has breached the target machine.

The worm attempts to break into machines by generating fake IP addresses and scanning them for a listening TCP port 445. If a machine associated with one of the IPs exists and has a weak security configuration, the worm may be able to obtain a list of valid usernames from it. The worm then attempts to log on to the machine using a series of common passwords.

If the worm logs on successfully, it attempts to detonate on the target machine to perpetuate its travel to new targets.

"It makes a copy of itself but it's very unlikely that it would spread from the machine it has copied itself onto," said Paul Ducklin, spokesman for Sophos.

Sophos said the worm is poorly designed and that the method it uses to log in leaves it unlikely to have the authority or "machine privileges" it requires to execute itself on the target and continue propagating.

"It's interesting to note that we haven't had any reports from people actually infected by it and nor, it appears, have any of the other major anti-virus vendors," said Ducklin.

Ducklin said it was also interesting to note that while graphs representing W32/LIOTEN.A's port scanning activity showed a sharp drop shortly after attackers launched it, the activity of older worms maintained its strength.
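The propagation pattern described above (one source probing many addresses on TCP port 445, then repeated failed logons across several usernames) can be spotted in network and logon logs. The following detection sketch is an added example, not code from the article or from Sophos; the event tuple format, the thresholds and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict

WINDOW = 60       # seconds per sliding window (assumed threshold)
MIN_TARGETS = 5   # distinct hosts probed on TCP 445 within one window
MIN_FAILS = 6     # failed logons within one window
MIN_USERS = 2     # ...spread over at least this many usernames

def _any_window(events, min_count, min_distinct):
    """True if some WINDOW-second span of (ts, value) pairs meets both thresholds."""
    events = sorted(events)
    start = 0
    for end in range(len(events)):
        while events[end][0] - events[start][0] > WINDOW:
            start += 1
        span = events[start:end + 1]
        if len(span) >= min_count and len({v for _, v in span}) >= min_distinct:
            return True
    return False

def classify_sources(records):
    """Map each source IP to the worm-like stages it shows.

    records: (epoch_seconds, source_ip, kind, detail) tuples, where kind is
    "conn445" (detail = destination IP) or "logon_fail" (detail = username).
    """
    probes, fails = defaultdict(list), defaultdict(list)
    for ts, src, kind, detail in records:
        if kind == "conn445":
            probes[src].append((ts, detail))
        elif kind == "logon_fail":
            fails[src].append((ts, detail))
    findings = defaultdict(set)
    for src, ev in probes.items():
        if _any_window(ev, MIN_TARGETS, MIN_TARGETS):   # fan-out across hosts
            findings[src].add("scan445")
    for src, ev in fails.items():
        if _any_window(ev, MIN_FAILS, MIN_USERS):       # guessing across accounts
            findings[src].add("password_guessing")
    return dict(findings)

# Constructed sample events: 10.0.0.66 behaves like the worm, 10.0.0.7 is a
# normal file-server client with a single mistyped password.
SAMPLE = (
    [(100 + 2 * i, "10.0.0.66", "conn445", f"192.0.2.{i}") for i in range(8)]
    + [(130 + i, "10.0.0.66", "logon_fail", u) for i, u in enumerate(
        ["administrator", "guest", "administrator", "guest", "admin", "admin"])]
    + [(100 + 30 * i, "10.0.0.7", "conn445", "10.0.0.2") for i in range(6)]
    + [(200, "10.0.0.7", "logon_fail", "alice")]
)

if __name__ == "__main__":
    print(classify_sources(SAMPLE))
```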

