Worm/Trojan "Randon" Threatens Port 445
Posted on 05.03.2003
A new blended worm / trojan threat appears. Kaspersky Labs, an international data security software developer, reports registered infections at the hands of the new network worm "Randon". Kaspersky Labs has already received several incident reports from both Russian and the Netherlands connected with this malicious program.

"Randon" spreads via IRC channels and local area networks and infects computers running Windows 2000 and Windows XP. To penetrate computer systems the worm registers itself in the IRC server (or local area network), scans for all present users and connects to victim computers via port 445 and attempts to gain access by using a fixed list of the most commonly used passwords. When "Randon" manages to successfully break-in it proceeds to transmit to this system the Trojan program "Apher", which then, from a remote web site, loads worm's remaining components (a total of 13 files, including a full-fledged mIRC client for work with IRC channels).

"Randon" installs its components to the Windows system directory, registers its main file and the mIRC client in the Windows registry auto-run key, and then executes them. To keep its activities secret, "Randon" uses a special utility called "HideWindows", which is also part of the worm. "HideWindows" renders the worm invisible to victims and its active processes can only be detected in the Windows task manager.

Fortunately "Randon" does not carry out any destructive functions. Collateral effects on infected machines include a high volume of redundant or excess traffic and the overflow of IRC channels. To defend against this worm it is enough to load an updated anti-virus program, install a personal firewall such as KasperskyR Anti-Hacker or use long access passwords.

The defense against "Randon" has already been added to the KasperskyR Anti-Virus databases.

A more detailed description of the "Randon" worm can be found in the Kaspersky Virus Encyclopedia. HNS copy: http://www.net-security.org/virus_item.php?id=4433


How to keep your contactless payments secure

Posted on 19 September 2014.  |  Fraudsters can pickpocket a victimís financial data using low-cost electronics that can fit into a rucksack. Here are the top security threats you should be aware of if youíre using a RF-based card, along with our top safety tips to keep your payments secure.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.


Mon, Sep 22nd