Worm/Trojan "Randon" Threatens Port 445
Posted on 05.03.2003
A new blended worm / trojan threat appears. Kaspersky Labs, an international data security software developer, reports registered infections at the hands of the new network worm "Randon". Kaspersky Labs has already received several incident reports from both Russian and the Netherlands connected with this malicious program.

"Randon" spreads via IRC channels and local area networks and infects computers running Windows 2000 and Windows XP. To penetrate computer systems the worm registers itself in the IRC server (or local area network), scans for all present users and connects to victim computers via port 445 and attempts to gain access by using a fixed list of the most commonly used passwords. When "Randon" manages to successfully break-in it proceeds to transmit to this system the Trojan program "Apher", which then, from a remote web site, loads worm's remaining components (a total of 13 files, including a full-fledged mIRC client for work with IRC channels).

"Randon" installs its components to the Windows system directory, registers its main file and the mIRC client in the Windows registry auto-run key, and then executes them. To keep its activities secret, "Randon" uses a special utility called "HideWindows", which is also part of the worm. "HideWindows" renders the worm invisible to victims and its active processes can only be detected in the Windows task manager.

Fortunately "Randon" does not carry out any destructive functions. Collateral effects on infected machines include a high volume of redundant or excess traffic and the overflow of IRC channels. To defend against this worm it is enough to load an updated anti-virus program, install a personal firewall such as KasperskyR Anti-Hacker or use long access passwords.

The defense against "Randon" has already been added to the KasperskyR Anti-Virus databases.

A more detailed description of the "Randon" worm can be found in the Kaspersky Virus Encyclopedia. HNS copy: http://www.net-security.org/virus_item.php?id=4433





Spotlight

New Zeus variant targets users of 150 banks

Posted on 19 December 2014.  |  A new variant of the infamous Zeus banking and information-stealing Trojan has been created to target the users of over 150 different banks and 20 payment systems in 15 countries, including the UK, the US, Russia, Spain and Japan.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  
DON'T
MISS

Mon, Dec 22nd
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //