March 12, 2003, 9:47 AM — The CERT Coordination Center (CERT/CC) security organization based at Carnegie Mellon University in the U.S. has seen an increase in exploitation of weak administrator passwords on systems running Microsoft Corp.'s Windows 2000 or Windows XP operating systems, the organization said Tuesday.
The attacks are targeted particularly, though not exclusively, at home broadband users running those operating systems, according to CERT/CC.
The weakness specifically refers to nonexistent or easily discovered passwords on SMB (Server Message Block) file shares, with thousands of systems being compromised in this way, CERT/CC said in an advisory.
Windows uses the SMB protocol to share files and printer resources with other computers. The two versions of the operating system referred to in the CERT/CC advisory transfer this information via TCP/IP. These systems are vulnerable to attacks using tools such as W32/Deloder, GT-bot, sdbot, and W32/Slackor. Older operating systems, which share SMB information differently, are not vulnerable, according to CERT/CC.
According to CERT/CC, attackers who gain access in this way could:
-- exercise remote control;
-- expose confidential data;
-- install other malicious software;
-- change or delete files;
-- install or support tools for use in distributed denial-of-service (DDoS) attacks against other computers.
The scanning activities of these tools may also generate high volumes of traffic, causing the performance of some Internet-connected hosts or networks to deteriorate, CERT/CC said.
CERT/CC said that users should review their password procedures to create strong passwords, run anti-virus programs, and not download or open material from an untrusted source.