‘Deloder’ uses a list of 50 common passwords to attack machines running Windows A new worm is targeting Windows machines with weak administrator account passwords, an antivirus company has warned. The Deloder network worm, which originated in China, can install the VNC remote access tool onto compromised computers so that hackers can administer them remotely. The worm scans random IP addresses, trying to locate Windows machines which have port 445 accessible. Port 445 (Microsoft SMB over TCP/IP) is legitimately used to allow trusted outsiders to access Windows file shares. Antivirus firm F-Secure said that corporates with firewall provision are unlikely to be at risk from the infection, which it rates as a ‘medium’ risk. “Most corporate machines are protected with centralised or distributed firewalls, which would block access to this port,” the company said. “However, many home computers have this port visible to the world and are vulnerable to this worm if the local administrator account has a weak password.” Full Story
About OODA Analyst
OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.