Results 1 to 3 of 3

Thread: *Heads Up* WORM_DELODER.A

  1. #1

    *Heads Up* WORM_DELODER.A

    Description:

    As of March 9, 2:49 AM (US Pacific Time), a significant number of infection reports have reached TrendLabs regarding this new Internet worm, which has been found to be rapidly spreading in China.

    This network worm uses the valid utility, PSEXEC.EXE, to connect to remote machines on the same network. It attempts to log on to remote machines as administrator using several passwords listed in its body. It connects via TCP port 445.

    It drops a copy of itself as Dvldr32.exe and a backdoor program as INST.EXE on accessible machines.

    This worm, which runs on Windows 2000 and XP, disables hidden remote shares.
    ...more

  2. #2
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,323
    And evidentally, it's nasty. Incidents is now Yellow and showing huge scanning for port 445. I hate to think what tomorrow will be like when all the admins come in to unpatched systems.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  3. #3
    Senior Member IKnowNot's Avatar
    Join Date
    Jan 2003
    Posts
    792
    From http://wiki.sans.org/tiki-index.php?page=DeloderWorm
    " The Harbin Institute of Technology & Antiy United Cert Group has a good technical writeup . It covers files involved, registry keys modified, and how to kill off the worm."
    " And maddest of all, to see life as it is and not as it should be" --Miguel Cervantes

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •