Search /
Docfinder:
Advanced search  |  Help  |  Site map
RESEARCH CENTERS
SITE RESOURCES
Click for Layer 8! No, really, click NOW!
Networking for Small Business
TODAY'S NEWS
SP2 beta for Windows Server 2008, Vista available
'Tis the season for layoffs, firm reports
Number crunching: Stats about energy consumption, virtualization and cloud computing
Nokia's new N97 vs. the iPhone: Latest smartphone showdown
5 Must-Do Cyber Security Steps for Obama
Telco spending could drop more than 10% next year
Wanted: A long-term data center strategy
Microsoft tools build bridge between OpenXML, other formats
FastSoft technology speeds downloads for Getty Images
Open source developers set out software road map for 2020
VMware expands desktop virtualization capabilities
FBI warns of holiday cyber scams
Apple removes antivirus support page
Apple antivirus advice 'big to-do about nothing'
Cisco renews call for national broadband strategy


Security /
Send to a friend Feedback

Deloder worm targets weak passwords

Related linksToday's breaking news
Send to a friendFeedback

By Paul Roberts
IDG News Service, 03/10/03

A new worm on the Internet targets computers running the Microsoft Windows operating system, using easy-to-guess passwords for the Administrator account, according to alerts posted by a number of antivirus companies.

The new worm, W32/Deloder-A (Deloder), appeared on Sunday and is considered a low risk for infection, according to an alert posted by F-Secure of Helsinki, Finland.

Advertisement:

Deloader is believed to have originated in China, F-Secure said.

The worm attempts to connect to other computers on a network through TCP port 445, randomly generating IP addresses to locate vulnerable machines.

Port 445 is used to access shared files on Windows machines with the Server Message Block protocol.

When a vulnerable Windows machine is located, the worm attempts to log on to the machine's Administrator account by trying 50 likely passwords such as "admin," "password," "12345," and "administrator," F-Secure said.

If the worm succeeds in breaking the Administrator account password, it places copies of a backdoor, (trojan) program known as "inst.exe" in several locations on the infected machine.

The worm also modifies the machine's registry to run another copy of itself, "DVLDR32.EXE," according to advisories from F-Secure, Sophos and Symantec.

Machines running Windows 95, 98, NT, 2000, ME and XP are vulnerable to attack by Deloder, Symantec said.

No infections from Deloder have been reported and most firewalls block access to port 443. Still, many home computers without firewalls may be vulnerable to the new worm.

As of Monday morning, most antivirus companies posted updated virus definitions to detect the new Deloder worm, as well as utilities to remove the worm from infected machines.


The IDG News Service is a Network World affiliate.

Related Links

 

Apply for your free subscription to Network World. Click here. Or get Network World delivered in PDF each week.

Get Copyright Clearance
Request a reprint or permission to use this article.


NWFusion offers more than 40 FREE technology-specific email newsletters in key network technology areas such as NSM, VPNs, Convergence, Security and more.
Click here to sign up!
New Event - WANs: Optimizing Your Network Now.
Hear from the experts about the innovations that are already starting to shake up the WAN world. Free Network World Technology Tour and Expo in Dallas, San Francisco, Washington DC, and New York.
Attend FREE
Your FREE Network World subscription will also include breaking news and information on wireless, storage, infrastructure, carriers and SPs, enterprise applications, videoconferencing, plus product reviews, technology insiders, management surveys and technology updates - GET IT NOW.
* HOME    * RESEARCH CENTERS     * NEWS     * EVENTS

Contact us | Terms of Service/Privacy | How to Advertise
Reprints and links | Partnerships | Subscribe to NW
About Network World, Inc.

Copyright, 1994-2006 Network World, Inc. All rights reserved.