New Worm Targets Windows: WORM_DELODER.A

By klsh on March 9, 2003 8:42 PM | Permalink | Comments (0) | TrackBacks (0)

WORM_DELODER.A - Description and solution

As of March 9, 2:49 AM (US Pacific Time), a significant number of infection reports have reached TrendLabs regarding this new Internet worm, which has been found to be rapidly spreading in China.
This worm uses the valid utility, PSEXEC.EXE, to connect to remote machines. It attempts to log on to the machines as administrator using several passwords listed in its body. It connects via TCP port 445 and drops a copy of itself as Dvldr32.exe and a backdoor program as INST.EXE on accessible machines.

This worm uses TCP port 445, also known as the Microsoft-DS port, to connect to remote machines. It attempts to log on to these machines as administrator using any of the following 85 passwords:
<no password>
0
000000
00000000
007
1
110
111
111111
11111111
12
121212
123
123123
1234
12345
123456
1234567
12345678
123456789
1234qwer
123abc
123asd
123qwe
2002
2003
2600
54321
654321
88888888
a
aaa
abc
abc123
abcd
Admin
admin
admin123
administrator
alpha
asdf
computer
database
enable
foobar
god
godblessyou
home
ihavenopass
Internet
Login
login
love
mypass
mypass123
mypc
mypc123
oracle
owner
pass
passwd
Password
password
pat
patrick
pc
pw
pw123
pwd
qwer
root
secret
server
sex
super
sybase
temp
temp123
test
test123
win
xp
xxx
yxcv
zxcv

0 TrackBacks

Listed below are links to blogs that reference this entry: New Worm Targets Windows: WORM_DELODER.A.

TrackBack URL for this entry: http://kennethhunt.com/mt/mt-tb.cgi/689

Leave a comment