WORM_LIOTEN.A
Overview

Malware type: Worm

Aliases: Worm.Win32.Lioten (Kaspersky), W32/Lioten.worm (McAfee), W32.HLLW.Lioten (Symantec), Worm/Lioten.2 (Avira), W32/Lioten-A (Sophos), Worm:Win32/Lioten.A (Microsoft)

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 2000 / XP

Encrypted: No

Overall risk rating:


Reported infections:

Damage potential:

Low

Distribution potential:

Medium

Description: 
This network worm spreads to, and runs only on, systems running Windows 2000/XP/.NET. It attempts to connect to random IP addresses and access a remote network share. To do so, it uses the Server Message Block (SMB) service on port 445, relying on the anonymous null session password exploit and a weak-password attack to gain access to the remote share.

Microsoft provides more information on Windows 2000/XP/.NET null session passwords in the article "Differences in default security settings".
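The propagation pattern described above (one host reaching many random IP addresses on port 445) can be spotted in connection logs. The following detection sketch is an added example, not Trend Micro's code; the log format, the thresholds and all addresses are constructed assumptions.

```python
from collections import defaultdict

SMB_PORT = 445  # port the description names for the worm's share access

# Constructed sample (not real telemetry): "epoch_seconds src dst dport action"
SAMPLE_LOG = """\
100 10.0.0.23 192.0.2.17 445 DENY
102 10.0.0.23 198.51.100.4 445 DENY
103 10.0.0.8 10.0.0.5 445 ALLOW
104 10.0.0.23 203.0.113.90 445 DENY
106 10.0.0.23 192.0.2.201 445 DENY
108 10.0.0.9 198.51.100.77 443 ALLOW
109 10.0.0.23 198.51.100.150 445 DENY
111 10.0.0.23 203.0.113.12 445 DENY
115 10.0.0.8 10.0.0.5 445 ALLOW
"""


def find_smb_scanners(lines, min_targets=5, window=60):
    """Return {src: peak distinct port-445 destinations within `window` seconds}
    for every source whose peak reaches `min_targets` (hypothetical thresholds)."""
    events = defaultdict(list)
    for line in lines:
        fields = line.split()
        if len(fields) != 5:
            continue  # skip blank or malformed lines
        ts, src, dst, dport, _action = fields
        if int(dport) == SMB_PORT:
            events[src].append((int(ts), dst))

    flagged = {}
    for src, evs in events.items():
        evs.sort()
        start, peak = 0, 0
        for end in range(len(evs)):
            # Shrink the window until it spans at most `window` seconds.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            peak = max(peak, len({dst for _, dst in evs[start:end + 1]}))
        if peak >= min_targets:
            flagged[src] = peak
    return flagged


if __name__ == "__main__":
    print(find_smb_scanners(SAMPLE_LOG.splitlines()))
```

A workstation that talks to a single file server on port 445 stays below the threshold, while a host fanning out to many unrelated addresses is flagged for investigation.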


Description created: Dec. 16, 2002 6:23:02 PM GMT -0800
Description updated: Dec. 17, 2002 3:23:55 AM GMT -0800
