Select countryOslo, 8 November 2002
The data security company Norman ASA now warns against the network worm Opaserv, seeing that the number of PC infected with different variants of the Opaserv has increased the last couple of days. The worm uses a security hole in Windows 95/98/ME to break a password for file sharing.
Opaserv was first discovered at the beginning of October, but was overshadowed by the Bugbear and Klez viruses. Norman is experiencing now that a lot of customers believe they are infected, but we can reassure them that they most probably are protected as long as they have updated their anti-virus software.
A common symptom of an infection attempt is that the anti-virus software gives multiple alarms of finding W32/Opaserv. The reason for this is that the virus copies itself onto the computer from other infected computers on the Internet. The anti-virus program discovers and removes the worm, and at the same time sends the user a message saying that it has found an infected file. A lot of people wrongfully believe that Opaserv actually has infected their PC and also believe that their anti-virus software doesn’t work
To avoid W32/Opaserv attempting to infect the PC we recommend the following:
- If you still need to share out your C-drive, remember to password protect it with a solid password
- Opaserv uses a security vulnerability in Windows 9x/ME to crack network share passwords. Download and install the patch from Microsoft to remedy this.
For more information:
Description of W32/Opaserv: http://www.norman.com/virus_info/w32_opaserv_a.shtml
Patch from Microsoft: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS00-072.asp
The following systems are subject to infection:
- PCs connected to the internet with Win95/98/ME with active, non-password protected c-disk sharing
- PCs connected to the internet with Win95/98/ME with active, password protected c-disk sharing, but which do not have the security patch from Microsoft installed