Mofei worm and login attempts

  • Thread starter Thread starter Sarah H
  • Start date Start date
S

Sarah H

We have a computer on our network that was infected with the Mofei
worm. While it was infected, several accounts (many of them high-level
or administrative) got locked out by incorrect login attempts from
that machine. I know that the Mofei worm will try to access the
"administrator" account, but these 15 accounts all had very different
names. Does anyone know of the Mofei worm (also sometimes known as
Femot) behaving in this way? Can it get a list of account names to
try?
 
Not familiar with that particular critter, but yes, there is a way to
enumerate accounts (null-session exploit, I believe)

Greg
 
You must log in or register to reply here.

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Safeguard Your PC Against the Downadup Worm 18
"RAMNIT desktoplayer" Worm Removal Guide 14
Worms 6
anybody getting dodgy e-mails to update your Coolermaster login? 1
can't logon to XP Pro 2
Slow Worm 4
A new self-replicating Malware (Virus and Worm) attacks!!! 14
Question about Samy Worm and who it would affect 2

Back
Top