Lumension® Endpoint Intelligence Center


Overview

Threat Risk: LOW
Destructivity: NONE
Payload:
Detection files published: 17 Dec 2002 03:00:00
Description created: 17 Dec 2002 05:41:00
Description updated: 18 Dec 2002 06:31:00
Malware type: WORM
Alias: W32/HLLW.Lioten
Spreading mechanism: NETWORK
Summary: None

W32/Lioten.A

Spreading

The worm generates random IP addresses and tries to connect to each of them on port 445/tcp. This is the port used for NT network sharing. It will try to log in to the C$, Admin$ or IPC$ shares using standard passwords:

"admin", "root", "111", "123", "1234", "123456", "654321", "1", "!@#$", "asdf", "asdfgh", "!@#$%", "!@#$%^", "!@#$%^&", "!@#$%^&*", "server"

If this is successful, it will copy itself over as iraq_oil.exe, and add the file as a scheduled task to be run on the remote computer.
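The random-address scanning on 445/tcp described above shows up in connection logs as one source reaching many distinct destinations in a short time. The following detection sketch is an added example, not part of the original description; the log format, the addresses, the 60-second window and the threshold of 20 destinations are all constructed assumptions to adapt to your own firewall or flow data.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log format (an assumption, not from any specific product):
#   <ISO timestamp> SRC=<ip> DST=<ip> PROTO=<proto> DPT=<port>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) SRC=(?P<src>\S+) DST=(?P<dst>\S+) "
    r"PROTO=(?P<proto>\w+) DPT=(?P<dpt>\d+)$"
)

def find_smb_scanners(lines, window=timedelta(seconds=60), threshold=20):
    """Return {src: max distinct 445/tcp destinations seen in any window}
    for sources that reach `threshold` within a sliding `window`."""
    recent = defaultdict(deque)   # src -> deque of (timestamp, dst)
    flagged = {}
    for line in lines:            # lines are assumed to be in time order
        m = LINE_RE.match(line.strip())
        if not m or m["proto"].upper() != "TCP" or m["dpt"] != "445":
            continue
        ts = datetime.fromisoformat(m["ts"])
        q = recent[m["src"]]
        q.append((ts, m["dst"]))
        # Drop connections that fell out of the sliding window.
        while q and ts - q[0][0] > window:
            q.popleft()
        distinct = len({dst for _, dst in q})
        if distinct >= threshold:
            flagged[m["src"]] = max(flagged.get(m["src"], 0), distinct)
    return flagged

def sample_log():
    """Constructed sample: one scanning host, one normal file-server client."""
    base = datetime(2002, 12, 17, 3, 0, 0)
    lines = []
    for i in range(30):  # 10.0.0.5 touches 30 different addresses in 30 s
        ts = (base + timedelta(seconds=i)).isoformat()
        lines.append(f"{ts} SRC=10.0.0.5 DST=198.51.100.{i + 1} PROTO=TCP DPT=445")
    for i in range(30):  # 10.0.0.8 talks to a single file server repeatedly
        ts = (base + timedelta(seconds=i)).isoformat()
        lines.append(f"{ts} SRC=10.0.0.8 DST=10.0.0.2 PROTO=TCP DPT=445")
    lines.append(f"{base.isoformat()} SRC=10.0.0.9 DST=203.0.113.7 PROTO=TCP DPT=80")
    return lines

if __name__ == "__main__":
    for src, count in find_smb_scanners(sample_log()).items():
        print(f"{src}: {count} distinct 445/tcp destinations within 60 s")
```

A host that repeatedly talks to the same file server stays below the threshold because only distinct destinations are counted.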

Payload Details

n/a

Analysis

n/a

Removal

n/a


Last Updated: 12 Nov 2015 11:06:11