Slashdot Mirror


New Windows Worm Inching Around Internet

helixcode123 writes "The Register is reporting a Windows Worm that takes advantage of weak default passwords. This looks pretty nasty, as it mucks with the registry and disables network sharing." Basically if it finds SMB shares with weak passwords, it drops an executable in the startup folder... for once a security problem that isn't really Microsoft's fault.

25 of 604 comments

  1. What were those common passwords in Hackers? by Eese · · Score: 5, Funny

    I bet they just made a program that tried, "Love, sex, and god".

    1. Re:What were those common passwords in Hackers? by ackthpt · · Score: 5, Funny

      Thank goodness it didn't include 'cowboyneal4ever', since I use that for everything and it has never let me down for security purposes.

      --

      A feeling of having made the same mistake before: Deja Foobar
    2. Re:What were those common passwords in Hackers? by carpe_noctem · · Score: 4, Funny

      xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

      Shit, I should go change my root password now.

      --
      "Quoting famous computer scientists out of context is the root of all evil (or at least most of it) in programming." - K
    3. Re:What were those common passwords in Hackers? by galaxy300 · · Score: 5, Funny

      I'm surprised that ****** isn't in the list. That's my password for just about everything. As a matter of fact, I've noticed that it's just about everyone's password!!!

    4. Re:What were those common passwords in Hackers? by 3ryon · · Score: 4, Funny

      these are the passwords it tries : [empty], xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx, admin, Admin...

      Whew! For a second there I thought it was trying xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

    5. Re:What were those common passwords in Hackers? by LoztInSpace · · Score: 5, Funny

      [the user's username backwards]. Heh heh. Reminds me of a friend telling someone to use this. Bad advice aside, imagine him saying this as he simultaneously realises that the user's name is Lana.

    6. Re:What were those common passwords in Hackers? by Enigma2175 · · Score: 5, Funny

      I don't store plaintext passwords, so I just guessed the top 2, which are:

      53: 123456
      21: password

      Keep in mind we require a >= 6 char password. We only have about 4,000 users.


      After reading your post, I thought I would try a few myself. Sure, it's a small sample; although probably not statistically valid, it certainly adds to the anecdotal evidence.

      mysql> select count(*) from auth;

      count(*)
      873
      Total Users

      mysql> select count(*) from auth where password = md5(username);

      count(*)
      90
      username same as password

      mysql> select count(a.username) from auth as a, contact as b where a.password = md5(b.fname);

      count(a.username)

      44
      password is first name

      mysql> select count(a.username) from auth as a, contact as b where a.password = md5(b.lname);

      count(a.username)
      24
      Password is last name

      mysql> select count(*) from auth where password = md5('password');

      count(*)
      10
      hmmm, only 10 users with a password of password

      Some more ....
      mysql> select count(*) from auth where password = md5('12345');

      count(*)
      10

      I've got to put some text here to break up the queries, hopefully it will help out a little bit. Does anyone who has read through the slashcode know what criteria is used for the lameness filter? Is it the ratio of junk characters to nonjunk characters, or is there something else to it?

      It seems like it causes problems.

      mysql> select count(*) from auth where password = md5('1234');

      count(*)
      2

      Now I suppose I must do a very lengthy conclusion because of the lame /. lameness filter. It seems as if many of my users use passwords that are inherently insecure. There are a few I could check for, but it would involve coding time and these days management doesn't look too kindly upon code that doesn't make money. I doubt I have enough to get through the filter, but I'll give it a shot. OK, now I have had to strip several of the server responses of dashes, hopefully this time *crosses fingers*

      Jesus, what a fucking pain in the ass. Is it really that painful to the community to have a few ASCII porn pics posted? Damn I hate to have to go through this huge fucking ordeal just to post a simple fucking comment. How about a goddamn lameness filter exemption for people with excellent karma? How many ASCII goatse.cx pictures have you seen posted with a plus 1 bonus?

      It still will not post. I have stripped just about every nonletter from my post and it still will not fucking go up. what next do i need to strip the punctuation and caps so that i can get more non motherfucking bullshit junk characters in my post i guess it just goes back to the saying often quoted on slashdot i will paraphrase those who give up essential posting liberties for a little temporary safety from goatsex deserve goatsex twentyfour seven i wonder if it has ever occurred to the nitwits that run this site that people might actually want to post something that is meaningful to the conversation that is not plain old text sometimes it makes things much more readable if you have some formatting and punctuation in there to break things up a bit gee its news for nerds cant these guys foresee that some geeks are going to want to post code and other things that may have more punctuation and special characters than your standard text

      motherfuckers

      --

      Enigma
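The audit in the post above, rebuilt as an added example (not the poster's code) against a constructed in-memory SQLite copy of the `auth` and `contact` tables with unsalted MD5 hashes, which is what the post's queries imply. It registers an `md5()` function so the post's MySQL queries run almost verbatim, and joins the two tables on username, a condition the post's first-name and last-name queries omit (they compare every hash against every contact's name). The table layout and sample rows are assumptions.

```python
import hashlib
import sqlite3

# Constructed sample data standing in for the post's `auth` and `contact`
# tables; stored hashes are unsalted MD5, as the post's queries imply.
SAMPLE_USERS = [
    # (username, fname, lname, plaintext used only to build the stored hash)
    ("bob",   "Bob",   "Smith", "bob"),       # password equals username
    ("alice", "Alice", "Jones", "Alice"),     # password equals first name
    ("carol", "Carol", "White", "White"),     # password equals last name
    ("dave",  "Dave",  "Brown", "password"),  # on the common-word list
    ("erin",  "Erin",  "Green", "12345"),     # on the common-word list
    ("frank", "Frank", "Black", "correct horse battery staple"),
]
COMMON_WORDS = ["password", "12345", "1234", "123456", "admin"]

def md5hex(s):
    return hashlib.md5(s.encode()).hexdigest()

def build_db():
    """In-memory SQLite copy of the two tables, with md5() registered so the
    post's MySQL-style queries run unchanged."""
    con = sqlite3.connect(":memory:")
    con.create_function("md5", 1, md5hex)
    con.executescript("""
        CREATE TABLE auth(username TEXT PRIMARY KEY, password TEXT);
        CREATE TABLE contact(username TEXT PRIMARY KEY, fname TEXT, lname TEXT);
    """)
    for user, fname, lname, pw in SAMPLE_USERS:
        con.execute("INSERT INTO auth VALUES (?, ?)", (user, md5hex(pw)))
        con.execute("INSERT INTO contact VALUES (?, ?, ?)", (user, fname, lname))
    return con

def audit(con):
    """Count users whose stored hash equals the MD5 of a guessable value.
    Name checks join auth to contact on username, so each user is compared
    only against their own first and last name."""
    def q(sql, *args):
        return con.execute(sql, args).fetchone()[0]
    marks = ",".join("?" * len(COMMON_WORDS))
    return {
        "total": q("SELECT count(*) FROM auth"),
        "username": q("SELECT count(*) FROM auth WHERE password = md5(username)"),
        "first_name": q("SELECT count(*) FROM auth a JOIN contact b USING (username) "
                        "WHERE a.password = md5(b.fname)"),
        "last_name": q("SELECT count(*) FROM auth a JOIN contact b USING (username) "
                       "WHERE a.password = md5(b.lname)"),
        "common_word": q(f"SELECT count(*) FROM auth WHERE password IN ({marks})",
                         *[md5hex(w) for w in COMMON_WORDS]),
    }

if __name__ == "__main__":
    for key, count in audit(build_db()).items():
        print(f"{key:12} {count}")
```

Because the hashes are unsalted, the whole audit is a handful of equality comparisons; the same property is what makes such a table cheap to attack, which is the case for salted, slow password hashing.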

    7. Re:What were those common passwords in Hackers? by boots@work · · Score: 4, Funny
      Nice post, though I can't understand what you think you're doing with hard data on Slashdot. :-)
      I was standing by one of the Kodak scanning stations... BTW, there are all kinds of interesting options to set on those machines. :)
      What, like force_image=goatse.jpg ?
  2. A cold day in... by asparagus · · Score: 5, Funny

    ...for once a security problem that isn't really Microsoft's fault...

    Taco: Hell just called. They want you to turn the heat back on.

  3. ACK!!! by revery · · Score: 5, Funny

    for once a security problem that isn't really Microsoft's fault.

    What!! On Slashdot!! a story that absolves Microsoft of guilt when blind-eyed finger pointing would have been so easy...

    Who are you and what have you done with the slashdot editors?!?

    --

    Dilbert - "If aliens take over your boss's body, is that a bad thing?"
    Wally - "It depends on the aliens"

  4. Re:I wonder if that is why my router is not happy by myowntrueself · · Score: 4, Funny

    Let me guess, UDP port 137 is producing lots and lots of logged events?

    That's normal. There are two solutions:

    1. Design, build and spread a virus or trojan which will irrevocably destroy all Windows boxes which are connected to the internet without a firewall.

    Or

    2. Stop logging UDP port 137.

    --
    In the free world the media isn't government run; the government is media run.
  5. Re:Microsoft's fault? by Anonymous Coward · · Score: 5, Funny


    Because this is slashdot. The fact that your aunt has breast cancer is Microsoft's fault.

  6. WRONG! by dotgod · · Score: 5, Funny
    Sorry, but "administrator" can't be one of the passwords the worm tries because I use that for the password on my box and everyt

    NO CARRIER

    1. Re:WRONG! by IIRCAFAIKIANAL · · Score: 4, Funny

      Those no carrier jokes always remind me of Monty Python and the Holy Grail...

      <dream sequence>
      ARTHUR:
      What does it say?
      MAYNARD:
      It reads, 'Here may be found the last words of Joseph of Arimathea. He who is valiant and pure of spirit may find the Holy Grail in the Castle of aaarrrrggh'.
      ARTHUR:
      What?
      MAYNARD:
      '...The Castle of aaarrrrggh'.
      BEDEVERE:
      What is that?
      MAYNARD:
      He must have died while carving it.
      LAUNCELOT:
      Oh, come on!
      MAYNARD:
      Well, that's what it says.
      ARTHUR:
      Look, if he was dying, he wouldn't bother to carve 'aarrggh'. He'd just say it!
      MAYNARD:
      Well, that's what's carved in the rock!
      GALAHAD:
      Perhaps he was dictating.
      ARTHUR:
      Oh, shut up. Well, does it say anything else?
      MAYNARD:
      No. Just 'aaarrrrggh'.
      LAUNCELOT:
      Aaaauugggh.
      ARTHUR:
      A arrrggh.
      </dream sequence>

      No, that's just stupid. Too bad I hit submit already...

      --
      Robots are everywhere, and they eat old people's medicine for fuel.
  7. Re:Microsoft's fault? by ahaning · · Score: 5, Funny

    For example, make it really clear to users enabling file sharing that people can and will try to break in if they connect to the Internet, so strong passwords or other security means are really necessary.

    It's a good thought, but consider this:

    You should be warned that ena*click*

    Are you sure that you want*click*

    Sweet. My files are shared.

    --
    Withdrawal before climax is very ineffective and those who try this are usually called "parents."
  8. Re:love of the Irish. by Theaetetus · · Score: 5, Funny
    The pat / patrick is rather weird, eh? only name in the list

    Hey! My son Temp123 would take offense at that!

    -T

  9. Yeah, but... by jrwillis · · Score: 5, Funny

    Is that case sensitive?

    --
    Keep Austin Weird!
    1. Re:Yeah, but... by _xeno_ · · Score: 5, Funny

      Yeah, I just checked. 88888888 won't work.

      --
      You are in a maze of twisty little relative jumps, all alike.
  10. Re:love of the Irish. by Jerf · · Score: 5, Funny

    "Son, it's time we had that special man-to-man talk about where babies come from. See, your mom and I tried to, uhhh, 'swap location', and everybody knows that to swap two variables, you need a temporary variable*. Well, you're that temporary variable. You just better hope you don't go out of scope soon..."

    (*: True in the general case, since the XOR trick only works in certain circumstances.)

  11. Re:Microsoft's fault? by Herkum01 · · Score: 4, Funny

    The fact that your aunt has breast cancer is Microsoft's fault.

    THAT is what I have been telling everyone! Of course they don't believe me, and that is Microsoft's fault too!

    DAMN YOU MICROSOFT

  12. who's on first? by djupedal · · Score: 5, Funny

    "What's your password?" "It's random." "Great, glad you use a smart strategy, now tell me what it is, please." "I told you, it's 'random'" "How can it be random...you have to decide it when you rotate, and of course it's picked at random...so, anyhow, tell me what it is right now... " " it's random....I just told you!!!"

    1. Re:who's on first? by JWSmythe · · Score: 4, Funny

      BOFH: Hold on one second sir.. [click][click][click]. What was your username again?

      lUSER: BOB! MY USERNAME IS BOB! WHAT'S MY PASSWORD.

      BOFH: "no", Bob.. But I'm looking further into this, and it seems you may have a problem.

      lUSER: Ya? What kind of problem? Everything was fine til you changed my password.

      BOFH: Did you have any files in your directory?

      lUSER: I just finished the annual fiscal reports!

      BOFH: [click][click][click].. Hmmmm, I don't see anything here.

      lUSER: WHAT!!!!!!!!

      BOFH: Hold on, let's look at the backups...

      lUSER: Thank god..

      BOFH: PFY, you made backups right?

      PFY: They're right here in the tape degausser.

      BOFH: Bob, I'm sorry, it seems there was a terrible accident with the backups..

      [degausser mysteriously turns on]

      lUSER: What about my Email, is it safe?

      [lightbulb appears over BOFH's head]

      BOFH: Let's have a look, shall we? [click][click][click] So, you've been writing to the boss's wife an awful lot.. Hmmm

      lUSER: Ya, we're old friends.

      BOFH: Are these nudes of her? Close friends, aren't you?

      lUSER: BUT! No! Don't look at those!

      PFY (whispers to BOFH): what if......

      [click][click][click][click] No problem, I've removed all those nasty pictures from your box.

      BOFH hangs up the phone, unplugs it from the wall, and gracefully sets it on top of the bookshelf where it won't be in the way.

      "Where did you send the pics?", PFY asks...

      "From: Mr. Luser
      To: Boss's Wife
      Bcc: the boss, the boss's mother-in-law, luser's wife, and of course a copy in our files.", BOFH cites.

      "Have we arranged for our monthly raises yet? I think it's about time. Let's check accounting's database, and see how much Mr. Luser was earning us."

      ----

      I'd love to be a BOFH writer.. But until then, I live the part in real life. :) Sometimes they're just too quick. A simple electrocution? or Halon accident just aren't as much fun as they *COULD* be having.

      Just imagine the fun a BOFH could have with say an ex-girlfriend's new boyfriend, an ounce of cocaine (mixed in with 5 pounds of filler), superglue, epoxy, and a few "anonymous" phone calls to his boss, neighbors, and the police, all while being the nicest guy in the world to him too..

      I've just never had a good outlet for my stories.. :) Nothing feels better than a well orchestrated revenge.

      --
      Serious? Seriousness is well above my pay grade.
    2. Re:who's on first? by Scumbag+Tracker · · Score: 5, Funny

      To avoid being hacked, I set my password to "pi". Only problem is, now it takes me forever to log on in the morning. :-/

      --
      I track known Slashdot scumbags on my foes list!
  13. Re:Ack! It's the Rapture! by Enigma2175 · · Score: 4, Funny

    This is the seventh posting on the front page in a row by Taco. And none of them are dupes!

    Along with that, this post observes that Taco posted a story about a worm that did not contain a snide comment about Microsoft.

    It's very clear to me now, obviously the /. editors have been replaced with the cyborgs that live among us. I, for one, welcome our new android overlords. As a trusted /. personality, I can be helpful in rounding up others to toil in their underground sugar caves.

    --

    Enigma

  14. Luckily the world is safe... by ardu · · Score: 5, Funny

    since the worm doesn't try the most common password: ******