|Check Point Reference:||SBP-2006-01|
|Date Published:||24 Jan 2006|
|Last Updated:||8 May 2007|
|Source:||SmartDefense Research Center|
|Protection Provided by:|
|Who is Vulnerable?||Microsoft Windows clients|
|Vulnerability Description||CIFS is an extension to the Message Block Server (SMB) protocol, a network protocol native to Windows systems which allows sharing of files and printers across a network. In recent years we have witnessed various worms attempting to compromise and spread through Windows machines with weak, default passwords. By trying to repeatedly authenticate to a SMB connected server using different passwords, it is possible to crack user accounts on the remote target or compromise the target.|
|Vulnerability Details||SMB is a client-server protocol, used for sharing files, printers and communications information (e.g named pipes) between computers. There are many viruses attempting to propagate through network shares by using weak passwords, such as:|
Deloder - win32.Deloder is a network worm which attempts to compromise and spread through Windows machines with weak, default passwords.
sdbot - W32/Sdbot-AGD is a worm and IRC backdoor Trojan for the Windows platform. This worms spreads to other network computers by exploiting common buffer overflow vulnerabilities and by copying itself to network shares protected by weak passwords.
Lioten - Win32.Lioten.A is a worm which spreads over shared drives by trying to guess Windows passwords.
Lovegate - W32/Lovgate-AH is a mass mailing worm which spreads by email, by copying itself to network shares protected by weak passwords and via the KaZaA peer-to-peer network.