A new worm on the Internet targets computers running the Microsoft Windows operating system, using easy-to-guess passwords for the Administrator account, according to alerts posted by a number of antivirus companies. The new worm, W32/Deloder-A (Deloder), appeared on Sunday and is considered a low risk for infection, according to an alert posted by F-Secure of Helsinki, Finland. Deloader is believed to have originated in China, F-Secure said. The worm attempts to connect to other computers on a network through TCP port 445, randomly generating IP addresses to locate vulnerable machines. Port 445 is used to access shared files on Windows machines with the Server Message Block protocol. When a vulnerable Windows machine is located, the worm attempts to log on to the machine’s Administrator account by trying 50 likely passwords such as “admin,” “password,” “12345,” and “administrator,” F-Secure said. Full Story
About OODA Analyst
OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.