This is a primitive virus,
but very effective IF it should get into a privileged account.
10. It proceeds to attempt to access other systems by picking node
numbers at random. It then uses PHONE to get a list of active users on
the remote system. It proceeds to irritate them by using PHONE to ring
them.
11. The program then tries to access the RIGHTSLIST file and attempts
to access some remote system using the users found and a list of
`standard' users included within the worm. It looks for passwords
which are the same as that of the account or are blank. It records all
such accounts.
12. It looks for an account that has access to SYSUAF.DAT.
13. If a priv. account is found, the program is copied to that account
and started. If no priv. account was found, it is copied to other
accounts found on the random system.
14. As soon as it finishes with a system, it picks another random
system and repeats (forever).
Response:
1. The following program will block the worm. Extract the following
code and execute it. It will use minimal resources. It creates a
process named NETW_BLOCK which will prevent the worm from running.
Editors note: This fix will work only with this version of the worm.
Pages:
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101