I think I remember something on this from quite a while back. This is either
a new version of it or this worm is close to a year old. Anyway, file and
print sharing is dissabled by default. Any users that don't know better than
to enable full access to C$ and not at least password protect it probably
wouldn't be reading this.
""Michael Grant"" wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Hello everybody.
>
> Not long after I hooked up to the internet with my DSL connection, I
> suffered a security breach due to a persistant internet worm. Here is some
info on what
> I found out about it through removing it from my system:
This is not an implication that "hackers will get you" if you get DLS or
cable is it? File/Print sharing still works on dial up just the same, maybe
better considering my Cable provider blocks 137-139 and my dialup provider
didn't.
> "Bymer" worm/backdoor program info:
>
> - Infects "Shared Folders" in Win 9x local area networks.
> - Looks for vulnerabilities in internet-connected LANs due
> to file sharing and lack of passwords for shared resources.
> - "Drops" a copy of the DNETC.EXE client, a legitimate program
> used by the Distributed.net organization, who with internet
> user's permission uses it to share all the members of
> Distributed.net's computer resources at once; in effect
> allowing their members to have access to the "world's biggest
> computer".
> - Creates WININIT.EXE in the C:\Windows\System directory as a
> backdoor to provide remote access & control of your computer
> by the user of the DNETC.EXE client.
>
> Solution:
Dissable password free file/print sharing.
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=16456&t=16451
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]