Worm/Trojan "Randon" Threatens Port 445
Posted on 05.03.2003
A new blended worm / trojan threat appears. Kaspersky Labs, an international data security software developer, reports registered infections at the hands of the new network worm "Randon". Kaspersky Labs has already received several incident reports from both Russian and the Netherlands connected with this malicious program.

"Randon" spreads via IRC channels and local area networks and infects computers running Windows 2000 and Windows XP. To penetrate computer systems the worm registers itself in the IRC server (or local area network), scans for all present users and connects to victim computers via port 445 and attempts to gain access by using a fixed list of the most commonly used passwords. When "Randon" manages to successfully break-in it proceeds to transmit to this system the Trojan program "Apher", which then, from a remote web site, loads worm's remaining components (a total of 13 files, including a full-fledged mIRC client for work with IRC channels).

"Randon" installs its components to the Windows system directory, registers its main file and the mIRC client in the Windows registry auto-run key, and then executes them. To keep its activities secret, "Randon" uses a special utility called "HideWindows", which is also part of the worm. "HideWindows" renders the worm invisible to victims and its active processes can only be detected in the Windows task manager.

Fortunately "Randon" does not carry out any destructive functions. Collateral effects on infected machines include a high volume of redundant or excess traffic and the overflow of IRC channels. To defend against this worm it is enough to load an updated anti-virus program, install a personal firewall such as KasperskyR Anti-Hacker or use long access passwords.

The defense against "Randon" has already been added to the KasperskyR Anti-Virus databases.

A more detailed description of the "Randon" worm can be found in the Kaspersky Virus Encyclopedia. HNS copy: http://www.net-security.org/virus_item.php?id=4433





Spotlight

The synergy of hackers and tools at the Black Hat Arsenal

Posted on 27 August 2014.  |  Tucked away from the glamour of the vendor booths and the large presentation rooms filled with rockstar sessions, was the Arsenal - a place where developers were able to present their security tools and grow their community.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Aug 29th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //