A new network worm that spreads through shared folders on machines running Microsoft Corp.’s Windows NT, 2000 and XP operating systems has been detected, according to advisories posted by a number of antivirus software makers today. The new worm, called W32/Lioten, also goes by the name Iraq_oil, Datrix, W32.Lioten, and I-Worm.Lioten, according to an advisory posted by Helsinki, Finland-based security company F-Secure Corp. Unlike other worms that spread through mass e-mailing, Lioten scans the Internet for vulnerable Windows machines that are sharing folders with other users on a home or business network. The worm finds new hosts to infect by randomly generating and attempting to connect to IP addresses on the Internet. The worm listens for responses on Port 445 from machines using Windows Server Message Block, a file- and resource-sharing protocol used in Windows environments. Once the new worm receives a response from a server, it attempts to crack that machine using a “brute-force” attack. The worm first obtains a list of user accounts on the machine and then attempts to log into each of those accounts by supplying values from its own list of likely passwords such as “admin,” “root,” “1234” and “asdf.” If the worm is successful in logging onto a machine using any of the user accounts, it places a copy of itself, iraq_oil.exe, in the System32 directory on that machine and creates a process on the machine to run the new executable. It is not known what else the worm does besides propagate itself, nor is the relevance of the “Iraq oil” reference understood, F-Secure said. Machines that are located behind a firewall are likely to be protected from the new worm. Even basic firewall configurations will block access to Port 445, according to F-Secure. Leading antivirus software makers including Symantec Corp.; Network Associates Inc., maker of McAfee; F-Secure Corp.; and Sophos PLC gave Lioten a “low” threat rating, indicating that the worm hasn’t spread widely on the Internet and that few if any infections linked to the Lioten worm have been reported. Still, antivirus companies today posted updated virus definitions that are capable of detecting the Lioten worm and recommended that customers running the affected operating systems download the latest virus definitions for their antivirus software. Related content feature Windows 11 Insider Previews: What’s in the latest build? Get the latest info on new preview builds of Windows 11 as they roll out to Windows Insiders. Now updated for Build 22635.3566 for the Beta Channel, released on April 26, 2024. By Preston Gralla Apr 26, 2024 251 mins Small and Medium Business Microsoft Windows 11 news Dropbox adds end-to-end encryption for team folders Dropbox this week unveiled a range of features, including security updates and key management, and the ability to co-edit Microsoft 365 documents from within the file-sharing app. By Matthew Finnegan Apr 26, 2024 3 mins Cloud Storage Collaboration Software Productivity Software feature Android versions: A living history from 1.0 to 15 Explore Android's ongoing evolution with this visual timeline of versions, starting B.C. (Before Cupcake) and going all the way to 2024's Android 15 (beta) release. By JR Raphael Apr 26, 2024 23 mins Small and Medium Business Smartphones Android news analysis The unspoken obnoxiousness of Google's Gemini improvements Google's Gemini chatbot is seeing all sorts of upgrades on Android this week, but those advancements reveal a darker underlying reality. By JR Raphael Apr 26, 2024 12 mins Google Assistant Google Android Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe