Simple Passwords Expose Your PC to Attack by 'Backdoor' Worm

Jon Miyake, Acceptable Use Policy Officer, 2 Jul 2003

On July 2, several Windows machines on campus were infected with the Backdoor.IRC.Flood.E worm before security personnel were able to shut it down. The virus, an IRC Trojan that scans for Windows machines and attempts to log in to them with a defined set of simplistic passwords, contaminated all of these campus machines in less than 30 minutes.

Backdoor.IRC.Flood.E is nothing special: it's "just" your normal, nasty, self-propagating worm that allows remote users access to your computer and all of the data contained therein, and you can protect yourself by taking a few simple precautions - starting with taking care in selecting your Windows password.

How to Protect Yourself

Change your password. If your Windows login password can be found in a dictionary (foreign language or otherwise) or if it's a non-random series of letters (such as abcdef, qwerty, etc.) and/or numbers (e.g. 123456, 111111) then it is weak and can be easily compromised. If your Windows login password fits this description, please change it to something that is secure.

Run Norton AntiVirus and enable its AutoProtect feature. If you're not running NAV, please do so and be sure to activate "AutoProtect". The program is site-licensed to the University of Oregon for use by faculty, staff, and students, and is included on the Duckware 2003 CD. You may also download it from http://it.uoregon.edu/

Basic security checklist: Using a secure password, keeping your computer up-to-date with Microsoft's critical patches, updating your virus definitions, enabling NAV's AutoProtect, and scheduling regular full system anti-viral scans of your computer goes a long way toward protecting your PC.

This may seem like a long "to-do" list for the average user, but most of these tasks can be automated after they're initially configured.

More advanced precautions. If you're running a version of Windows that allows you to modify system policies, such as Windows 2000, you may wish to tighten remote access to your system and limit the information that it could provide to remote attackers. If you're running a server class version of the Windows OS (e.g., Windows NT, Windows 2000) go through and disable any services or daemons that you don't need or use.

Information Resources

For complete details on Backdoor.IRC.Flood.E, read Symantec's information page at http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.flood.e.html

Our Software