Check Point Advisories

Security Best Practice: Protection against CIFS Brute-Force Attacks

Check Point Reference: SBP-2006-01
Date Published: 24 Jan 2006
Severity: Medium
Last Updated: 8 May 2007
Source: SmartDefense Research Center
Protection Provided by:
Who is Vulnerable? Microsoft Windows clients
Vulnerability Description: CIFS is an extension to the Server Message Block (SMB) protocol, a network protocol native to Windows systems which allows sharing of files and printers across a network. In recent years we have witnessed various worms attempting to compromise and spread through Windows machines with weak, default passwords. By repeatedly trying to authenticate to an SMB-connected server using different passwords, it is possible to crack user accounts on the remote target or compromise the target.
Vulnerability Details: SMB is a client-server protocol, used for sharing files, printers and communications information (e.g. named pipes) between computers. There are many viruses attempting to propagate through network shares by using weak passwords, such as:
Deloder - win32.Deloder is a network worm which attempts to compromise and spread through Windows machines with weak, default passwords.
sdbot - W32/Sdbot-AGD is a worm and IRC backdoor Trojan for the Windows platform. This worm spreads to other network computers by exploiting common buffer overflow vulnerabilities and by copying itself to network shares protected by weak passwords.
Lioten - Win32.Lioten.A is a worm which spreads over shared drives by trying to guess Windows passwords.
Lovegate - W32/Lovgate-AH is a mass mailing worm which spreads by email, by copying itself to network shares protected by weak passwords and via the KaZaA peer-to-peer network.
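
The repeated authentication attempts described above leave a recognizable trail of failed logons from one source. The following detection sketch is an added example, not part of the Check Point advisory: the record layout, the 60-second window and the 5-failure threshold are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 60   # assumed tuning value
MAX_FAILURES = 5      # assumed tuning value

# Constructed sample records: (epoch_seconds, source_ip, account, outcome)
SAMPLE_EVENTS = (
    # One source guessing passwords for a single account, then succeeding
    [(1000 + 5 * i, "192.0.2.10", "administrator", "FAIL") for i in range(6)]
    + [(1030, "192.0.2.10", "administrator", "OK")]
    # A user mistyping a password occasionally: failures too sparse to flag
    + [(1000, "192.0.2.20", "alice", "FAIL"),
       (1100, "192.0.2.20", "alice", "FAIL"),
       (1200, "192.0.2.20", "alice", "FAIL"),
       (1210, "192.0.2.20", "alice", "OK")]
    # One source trying several default account names in quick succession
    + [(1300 + i, "198.51.100.7", name, "FAIL")
       for i, name in enumerate(["admin", "guest", "backup", "test", "user"])]
)

def detect_bruteforce(events, window=WINDOW_SECONDS, max_failures=MAX_FAILURES):
    """Flag sources with >= max_failures failed logons inside a sliding window.

    Returns {source_ip: {"accounts": set, "success_after_burst": bool}}.
    """
    recent = defaultdict(deque)   # source -> (timestamp, account) of recent failures
    flagged = {}
    for ts, src, account, outcome in sorted(events):
        failures = recent[src]
        # Drop failures that have aged out of the window
        while failures and ts - failures[0][0] > window:
            failures.popleft()
        if outcome == "FAIL":
            failures.append((ts, account))
            if len(failures) >= max_failures:
                entry = flagged.setdefault(
                    src, {"accounts": set(), "success_after_burst": False})
                entry["accounts"].update(acct for _, acct in failures)
        elif src in flagged and failures:
            # A success right after a burst suggests a password was guessed
            flagged[src]["success_after_burst"] = True
    return flagged

if __name__ == "__main__":
    for src, info in detect_bruteforce(SAMPLE_EVENTS).items():
        print(src, sorted(info["accounts"]), info["success_after_burst"])
```

A source flagged with success_after_burst set deserves priority, since it indicates an account whose password may have been guessed.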

Protection Overview