Say HI to Deloder, the new network worm.
Yep there is a new worm today. It's called Deloder and it will be hitting a Windows PC near you soon. Look out for the program, the file is DVLDR32.EXE. The worm spreads by scanning random IP addresses, trying to connect on Port 445. Port 445 (Microsoft SMB over TCP/IP) allows outsiders to access Windows file shares. It then tries to obtain a list of computers connected to the same network and attempts to access them using default passwords, as explained in an advisory by Finnish AV specialist F-Secure. Finally, Deloder disables shared network resources and places entries in the Windows Registry of compromised machines to make sure it is always run. This action has the side-effect of disabling network sharing. I love Windows, wonder if I should turn on sharing on the Pocket PC. Read more here.