Worm_Wanor.A spreads via email using MAPI, according to antivirus software vendor Trend Micro. The subject line of the message is "Say Not War." This worm was designed to drop copies of itself in shared folders of popular peer-to-peer file-sharing applications, such as eDonkey2000, Kazaa, Morpheus, Grokster, Bearshare, and ICQ. However, it fails to execute this peer-to-peer propagation routine. If the worm runs at least 20 times, it hides the desktop icons and the Start menu. It then displays an anti-war message with the following text:
NOT WAR: NOT BLOOD FOR...
NOT WAR, SAY NOT WAR
It also continuously blinks the Num Lock LED indicator. Read technical details on this Trend Micro page.
Deloder Worm Targets Weak Password to Admin Account
Deloder is a network worm infecting Windows machines that have set a weak password to the "Administrator" account, according to antivirus software vendor F-Secure. It also installs remote access tool VNC, opening the computer to the world.
The worm scans random IP addresses, trying to locate Windows machines which have port 445 accessible. Port 445 (Microsoft SMB over TCP/IP) allows outsiders to access Windows file shares.
Most corporate machines are protected with centralized or distributed firewalls, which would block access to this port. However, many home computers have this port visible to the world and are vulnerable to this worm if the local administrator account has a weak password. Once a suitable machine is found, the worm tries to log on to the remote computer using login name Administrator and by trying 50 different passwords.
Read what those passwords are, and find out more about Deloder on this F-Secure page.
Compiled by Esther Shein.
Loading Comments...