Version: 2008
  • On TechRepublic: Windows 7 keyboard shortcut cheat sheet
advertisementGet Smart about Business Spending

March 10, 2003 7:40 AM PST

Deloder slowly worms its way on Net

By Patrick Gray
Staff Writer, CNET News

  • Post a comment
Related Stories

E-mail viruses double in 2002

 December 16, 2002

Slapper worm smarting less

 September 20, 2002

New Klez worm squirms across Internet

 April 17, 2002

A year later, DDoS attacks still a major Web threat

 February 7, 2001
A new worm that leaves behind two Trojan horse programs has begun spreading over the Internet and may be paving the way for a crippling distributed denial of service attack.

Although the experts are not yet rating the Deloder worm as a high risk to PC users, the technical make-up of the Trojan horses it leaves behind is of concern. They consist of a commonly used piece of network administration software called Virtual Network Computing (VNC), and an Internet Relay Chat (IRC) bot, or remote-access Trojan horse.

The VNC component allows attackers to connect to an infected system and control it as if they were in front of it. They have full access through a graphical user interface.

The IRC bot, when activated, connects to a remote server and waits for commands, which could mean that infected systems are going to be used for a distributed denial of service attack.

This worm, unlike others such as Klez, requires no user interaction to spread--it exploits common passwords, such as "password" and "computer," in share directories in Windows NT/2000/XP machines and hence spreads automatically.

However, because the virus attacks through weak share-directory passwords, the effect on corporations has been minimal because share directories are typically firewalled.

Daniel Zatz, a security spokesman from Computer Associates International, says his company hasn't received any reports of customers being infected. "Very little has been reported to the (antivirus) vendors themselves,? he said.

Aside from potential denial-of-service implications, Zatz says that people may be stung through identity theft--even a novice malicious hacker can access an infected system with ease.

"This is one of the ways that identity theft occurs," he said.

Despite this, Melbourne, Australia-based security consultant Adam Pointon says that the worm is hitting home users hard. "It's been increasing threefold over the last few days," he said.

The SANS Institute's Internet Storm Center, a research group that monitors the Internet for attacks, has lifted the pertinent alert status from green to yellow. More information is available on SANS' Web site.

ZDNet Australia 's Patrick Gray reported from Sydney.

Latest tech news headlines

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.

More feeds available in our RSS feed index.

Markets

Market news, charts, SEC filings, and more

Related quotes

Dow Jones Industrials (0.29%) 30.69 10,464.40
S&P 500 (0.45%) 4.98 1,110.63
NASDAQ (0.32%) 6.87 2,176.05
CNET TECH (0.21%) 3.29 1,601.96
  Symbol Lookup
advertisement

Inside CNET News

Scroll Left Scroll Right
News
News site map
Latest headlines
Contact News
News staff
Corrections
CNET blogs
Popular topics
Apple iPhone
Apple iPod
Cell phones
Dell
GPS
LCD TV
CNET sites
CNET Site map
CNET TV
Downloads
News
Reviews
Shopper.com
More information
Newsletters
CNET Mobile
Customer Help Center
RSS
CNET Widgets
About CNET