Discovered March 9, 2003, the Deloder worm spreads over the Internet to Windows 2000 and XP systems via TCP port 445 (Microsoft SMB over TCP/IP). If SMB over TCP/IP is disabled, a properly configured firewall blocks inbound port 445, or strong passwords are in use, the worm cannot access or infect the system. Deloder attempts to break into systems using easily guessed passwords, including the empty password and passwords consisting entirely of lower case "x". According to antivirus vendor F-Secure, other passwords tried by the worm include:
"admin"
"Admin"
"password"
"Password"
"1"
"12"
"123"
"1234"
"12345"
"123456"
"1234567"
"12345678"
"123456789"
"654321"
"54321"
"111"
"000000"
"00000000"
"11111111"
"88888888"
"pass"
"passwd"
"database"
"abcd"
"abc123"
"oracle"
"sybase"
"123qwe"
"server"
"computer"
"Internet"
"super"
"123asd"
"ihavenopass"
"godblessyou"
"enable"
"xp"
"2002"
"2003"
"2600"
"0"
"110"
"111111"
"121212"
"123123"
"1234qwer"
"123abc"
"007"
"alpha"
"patrick"
"pat"
"administrator"
"root"
"sex"
"god"
"foobar"
"a"
"aaa"
"abc"
"test"
"test123"
"temp"
"temp123"
"win"
"pc"
"asdf"
"secret"
"qwer"
"yxcv"
"zxcv"
"home"
"xxx"
"owner"
"login"
"Login"
"pwd"
"pass"
"love"
"mypc"
"mypc123"
"admin123"
"pw123"
"mypass"
"mypass123"
"pw"
Once it has gained access to a vulnerable system, Deloder copies itself into several folders and adds a registry key so that the worm is executed again whenever the system is rebooted. It also drops an IRC trojan into the Fonts folder under the Windows directory.
Deloder also deletes certain common Windows shares. Ordinarily the operating system recreates these shares automatically when the machine is rebooted. On a system that is still infected, however, rebooting reloads the worm, which deletes the shares again; shares that are still missing after a reboot are therefore a sign that the worm is still present. Once the worm has been removed properly, a reboot should restore the deleted shares.
Although Deloder can only spread from Windows NT, 2000, and XP machines, it can drop copies of itself onto other Windows operating systems such as Windows 95/98 and ME.
Antivirus software with signatures dated March 9, 2003 or later should detect and remove this worm without difficulty.
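Because Deloder gets in by guessing passwords over SMB, the most useful host-side signal is a burst of failed network logons from one source followed by a success. The following Python script is an added example, not code from the original page or from F-Secure: it parses a small set of constructed audit lines (the line layout is an assumption; the event IDs 529 for a failed logon and 540 for a successful network logon and logon type 3 for network logons are the Windows 2000/XP audit values) and flags sources that exceed a failure threshold within a sliding window, marking as a possible compromise any source whose guessing burst ends in a successful logon.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit lines (not from the page or from any real system).
# The layout "<timestamp> <event_id> src=<ip> user=<name> logon_type=<n> status=<S|F>"
# is an assumption made for this example; a real collector would use its own format.
SAMPLE_EVENTS = """\
2003-03-09 10:00:01 529 src=10.0.0.5 user=Administrator logon_type=3 status=FAILURE
2003-03-09 10:00:02 529 src=10.0.0.5 user=Administrator logon_type=3 status=FAILURE
2003-03-09 10:00:03 529 src=10.0.0.5 user=Administrator logon_type=3 status=FAILURE
2003-03-09 10:00:04 529 src=10.0.0.5 user=Administrator logon_type=3 status=FAILURE
2003-03-09 10:00:05 529 src=10.0.0.5 user=Administrator logon_type=3 status=FAILURE
2003-03-09 10:00:06 529 src=10.0.0.5 user=Administrator logon_type=3 status=FAILURE
2003-03-09 10:00:07 540 src=10.0.0.5 user=Administrator logon_type=3 status=SUCCESS
2003-03-09 10:05:00 529 src=10.0.0.9 user=Administrator logon_type=3 status=FAILURE
2003-03-09 10:09:00 529 src=10.0.0.9 user=Administrator logon_type=3 status=FAILURE
2003-03-09 10:10:00 540 src=10.0.0.7 user=jsmith logon_type=3 status=SUCCESS
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<event_id>\d+) "
    r"src=(?P<src>\S+) user=(?P<user>\S+) logon_type=(?P<logon_type>\d+) "
    r"status=(?P<status>SUCCESS|FAILURE)$"
)


def parse_events(text):
    """Parse audit lines in the assumed layout into dicts, sorted by timestamp."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            continue  # lines that do not fit the assumed layout are ignored
        events.append({
            "ts": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
            "event_id": int(m["event_id"]),
            "src": m["src"],
            "user": m["user"],
            "logon_type": int(m["logon_type"]),
            "status": m["status"],
        })
    events.sort(key=lambda e: e["ts"])
    return events


def detect_guessing(events, threshold=5, window_seconds=60):
    """Flag sources with >= threshold failed network logons inside a sliding window.

    Returns {src: {"failures": total_failures, "success_after_guessing": bool}}.
    Only logon type 3 (network) is considered, since SMB logons are network logons.
    A success that arrives while a guessing burst is still inside the window means
    one of the guessed passwords worked, which is how Deloder gets onto a host.
    """
    by_src = defaultdict(list)
    for e in events:
        if e["logon_type"] == 3:
            by_src[e["src"]].append(e)

    findings = {}
    for src, evs in by_src.items():
        recent_failures = []  # timestamps of failures still inside the window
        guessing = False
        compromised = False
        total_failures = 0
        for e in evs:
            cutoff = e["ts"] - timedelta(seconds=window_seconds)
            recent_failures = [t for t in recent_failures if t >= cutoff]
            if e["status"] == "FAILURE":
                total_failures += 1
                recent_failures.append(e["ts"])
                if len(recent_failures) >= threshold:
                    guessing = True
            elif len(recent_failures) >= threshold:
                compromised = True  # success immediately after a guessing burst
        if guessing:
            findings[src] = {
                "failures": total_failures,
                "success_after_guessing": compromised,
            }
    return findings


if __name__ == "__main__":
    for src, info in detect_guessing(parse_events(SAMPLE_EVENTS)).items():
        tag = "POSSIBLE COMPROMISE" if info["success_after_guessing"] else "guessing"
        print(f"{src}: {info['failures']} failed network logons ({tag})")
```

The threshold and window are deliberately low for the constructed sample; on a real network the values should be tuned against the normal rate of mistyped passwords, and the single-success-after-burst rule should be read as a trigger for looking at the host (the registry run key, the copies of the worm, the missing shares described above), not as proof of infection on its own.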