Slashdot Mirror


New Windows Worm Inching Around Internet

helixcode123 writes "The Register is reporting a Windows Worm that takes advantage of weak default passwords. This looks pretty nasty, as it mucks with the registry and disables network sharing." Basically if it finds SMB shares with weak passwords, it drops an executable in the startup folder... for once a security problem that isn't really Microsoft's fault.

17 of 604 comments (clear)

  1. What were those commons passwords in Hackers? by Eese · · Score: 5, Funny

    I bet they just made a program that tried, "Love, sex, and god".

    1. Re:What were those commons passwords in Hackers? by ackthpt · · Score: 5, Funny

      Thank goodness it didn't include 'cowboyneal4ever', since I use that for everything and it has never let me down for security purposes.

      --

      A feeling of having made the same mistake before: Deja Foobar
    2. Re:What were those commons passwords in Hackers? by galaxy300 · · Score: 5, Funny

      I'm surprised that ****** isn't in the list. That's my password for just about everything. As a matter of fact, I've noticed that it's just about everyone's password!!!

    3. Re:What were those commons passwords in Hackers? by LoztInSpace · · Score: 5, Funny

      [the user's username backwards]. Heh heh. Reminds me of a friend telling someone to use this. Bad advice aside, imagine him saying this as he simultaneously realises that the user's name is Lana.

    4. Re:What were those commons passwords in Hackers? by Enigma2175 · · Score: 5, Funny

      I don't store plaintext passwords, so I just guessed the top 2, which are:

      53: 123456
      21: password

      keep in mind we require a >= 6 char password. We only have about 4,000 users.


      After reading your post, I thought I would try a few myself. Sure it's a small sample, although probably not statistically valid it certainly adds to the anecdotal evidence

      mysql> select count(*) from auth;

      count(*)
      873
      Total Users

      mysql> select count(*) from auth where password = md5(username);

      count(*)
      90
      username same as password

      mysql> select count(a.username) from auth as a, contact as b where a.password = md5(b.fname);

      count(a.username)

      44
      password is first name

      mysql> select count(a.username) from auth as a, contact as b where a.password = md5(b.lname);

      count(a.username)
      24
      Password is last name

      mysql> select count(*) from auth where password = md5('password');

      count(*)
      10
      hmmm, only 10 users with a password of password

      Some more ....
      mysql> select count(*) from auth where password = md5('12345');

      count(*)
      10

      I've got to put some text here to break up the queries, hopefully it will help out a little bit. Does anyone who has read through the slashcode know what criteria is used for the lameness filter? Is is the ratio of junk characters to nonjunk characters or is there something else to it?

      It seems like it causes problems.

      mysql> select count(*) from auth where password = md5('1234');

      count(*)
      2

      Now I suppose I must do a very lengthy conclusion because the lame /. lameness filter. It seems as if many of my users use passwords that are inherently insecure. There are a few I could check for, but it would involve coding time and these days management doesn't look to kindly upon code that doesn't make money. I doubt I have enough to get through the filter, but I'll give it a shot. OK, now I have had to strip several of the server responses of dashes, hopefully this time 8crosses fingers8

      Jesus, what a fucking pain in the ass. Is it really that painful to the community to have a few ASCII porn pics posted? Damn I hate to have to go through this huge fucking ordeal just to post a simple fucking comment. How about a goddamn lameness filter exemption for people with excellent karma? How many ASCII goatse.cx picxtures have you seen posted with a plus 1 bonus?

      It still will not post. I have stripped just about every nonletter from my post and it still will not fucking go up. what next do i need to strip the punctuation and caps so that i can get more non motherfucking bullshit junk characters in my post i guess it just goes back to the saying often quoted on slashdot i will paraphrase those who give up essential posting liberties for a little temporary safety from goatsex deserve goatsex twentyfour seven i wonder if it has ever occured to the nitwits that run this site that people might actually want to post something that is meaningful to the conversation that is not plain old text sometimes it makes things much more readable if you have some formatting and punctuation in there to break things up a bit gee its news for nerds cant these guys forsee that some geeks are going to want to post code and other things that may have more punctuation and special characters than your standard text

      motherfuckers

      --

      Enigma

  2. A cold day in... by asparagus · · Score: 5, Funny

    ...for once a security problem that isn't really Microsoft's fault...

    Taco: Hell just called. They want you turn back on the heat.

  3. ACK!!! by revery · · Score: 5, Funny

    for once a security problem that isn't really Microsoft's fault.

    What!! On Slashdot!! a story that absolves Microsoft of guilt when blind-eyed finger pointing would have been so easy...

    Who are you and what have you done with the slashdot editors?!?

    --

    Dilbert - "If aliens take over your boss's body, is that a bad thing?"
    Wally - "It depends on the aliens"

  4. Re:Microsoft's fault? by Anonymous Coward · · Score: 5, Funny


    Because this is slashdot. The fact that your aunt has breast cancer is Microsoft's fault.

  5. WRONG! by dotgod · · Score: 5, Funny
    Sorry, but "administrator" can't be one of the passwords the worm tries because I use that for the password on my box and everyt

    NO CARRIER

  6. Re:Microsoft's fault? by ahaning · · Score: 5, Funny

    For example, make it really clear to users enabling file sharing that people can and will try to break in if they connect to the Internet, so strong passwords or other security means are really necessary.

    It's a good thought, but consider this:

    You should be warned that ena*click*

    Are you sure that you want*click*

    Sweet. My files are shared.

    --
    Withdrawal before climax is very ineffective and those who try this are usually called "parents."
  7. Re:love of the Irish. by Theaetetus · · Score: 5, Funny
    The pat / patrick is rather weird, eh? only name in the list

    Hey! My son Temp123 would take offense at that!

    -T

  8. Yeah, but... by jrwillis · · Score: 5, Funny

    Is that case sensitive?

    --
    Keep Austin Weird!
    1. Re:Yeah, but... by _xeno_ · · Score: 5, Funny

      Yeah, I just checked. 88888888 won't work.

      --
      You are in a maze of twisty little relative jumps, all alike.
  9. Re:love of the Irish. by Jerf · · Score: 5, Funny

    "Son, it's time we had that special man-to-man talk about where babies come from. See, your mom and I tried to, uhhh, 'swap location', and everybody knows that to swap two variables, you need a temporary variable*. Well, you're that temporary variable. You just better hope you don't go out of scope soon..."

    (*: True in the general case, since the XOR trick only works in certain circumstances.)

  10. who's on first? by djupedal · · Score: 5, Funny

    "What's your password?" "It's random." "Great, glad you use a smart strategy, now tell me what it is, please." "I told you, it's 'random'" "How can it be random...you have to decide it when you rotate, and of course it's picked at random...so, anyhow, tell me what it is right now... " " it's random....I just told you!!!"

    1. Re:who's on first? by Scumbag+Tracker · · Score: 5, Funny

      To avoid being hacked, I set my password to "pi". Only problem is, now it takes me forever to log on in the morning. :-/

      --
      I track known Slashdot scumbags on my foes list!
  11. Luckily the world is safe... by ardu · · Score: 5, Funny

    since the worm doesn't try the most common password: ******