Kapersky names unsafe ports in an Opasoft storm

By Matt Whipp

Posted on 4 Oct 2002 at 12:19

Day four and the Opasoft worm accounts for 40 per cent of reported infections

First discovered on 1 October, the Opasoft worm has spread globally and now accounts for 40 per cent of all cases reported to antivirus experts Kapersky Labs. The company has now updated its Web site with new details of the worm, including which ports it uses to spread itself.

The worm scans the Web for machines with Windows 95, 98 and ME installed and tries to get into the C: drive by repeatedly trying different passwords. If it gains access it scan other connected networks. It also plants Trojans that report back to the Opasoft Web site and downloads the latest versions of the virus as well as downloading and running scripts. The Opasoft Web site has now been taken off-line.

In order to search infected systems, the worm targets ports 137 and 139, which are accepted in Windows networks for exchanging data.

Kapersky has issued instructions for users to protect themselves against the worm.

'Home Users must check if any computer services have been assigned for user files or printers. To do this, users should right click on the Network Neighborhood icon, select Properties and click on File and Printer Sharing. A window opens showing the current status of services, if system access to services has been established inappropriately users can then correct it. If a user knowingly opens access to Disk C, it is then necessary to make certain that it is password protected with a long password with no less than two symbols.'

System Administrators are recommended to protect access to ports 137 and 139 from external access. Computers that must transmit data to external networks via these ports, should be properly password protected.'

For full details of the Opasoft worm, point your browser at Kapersky's definition.