Windows broadband users targeted by attackers

The CERT Coordination Center security organization based at Carnegie Mellon University said Tuesday  it has seen an increase in exploitation of weak administrator passwords on systems running Microsoft's Windows 2000 or Windows XP operating systems.

Attacks are being particularly - though not exclusively - targeted at home broadband users running those operating systems, according to CERT/CC.

The weakness specifically refers to nonexistent or easily discovered passwords on Server Message Block (SMB) file shares, with thousands of systems being compromised in this way, CERT/CC said in an advisory.

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

The CERT Coordination Center security organization based at Carnegie Mellon University said Tuesday  it has seen an increase in exploitation of weak administrator passwords on systems running Microsoft's Windows 2000 or Windows XP operating systems.

Attacks are being particularly - though not exclusively - targeted at home broadband users running those operating systems, according to CERT/CC.

The weakness specifically refers to nonexistent or easily discovered passwords on Server Message Block (SMB) file shares, with thousands of systems being compromised in this way, CERT/CC said in an advisory.

Windows uses the SMB protocol to share files and printer resources with other computers. The two versions of the operating system referred to in the CERT bulletin transfer information via TCP/IP. These systems are vulnerable to attacks using tools such as W32/Deloder, GT-bot, sdbot, and W32/Slackor. Older operating systems which share SMB information differently are not vulnerable, according to CERT/CC.

According to CERT/CC, attackers who gain access in this way could:

• Exercise remote control.
•  Expose confidential data.
• Install other malicious software.
• Change or delete files.
• Install or support tools for use in distributed denial-of-service attacks against other computers.

The scanning activities of these tools may also generate high volumes of traffic, causing the performance of some Internet-connected hosts or networks to deteriorate, CERT/CC said.

CERT/CC said that users should review their password procedures to create strong passwords, to run antivirus programs and not to download or open material from an untrusted source.

The IDG News Service is a Network World affiliate.