DeLoder Worm/Trojan Analysis (DeLoder-A)

Friday, 14 March 2003, 5:24 PM EST

A computer running Windows 2000 Professional was put online via a cable modem for ONLY 5 hours, from 4PM to 9PM, March 8, 2003. The purpose of this experiment was to verify if the recent outbreak of port 445 activities are related to worms, Trojans, or viruses.

The IRC type of worms and Trojans usually target home and small business users where there is less security around the network or computers. High Speed connections are getting more and more popular. Many home and business users who sign up for Cable Modem or DSL simply plug in their PC's without any security and protection. These PC's are therefore extremely vulnerable to these types of attacks.

What is the big deal about home users getting hit by these types of worms/Trojans? Answer: There could be huge ripple effects.

1. Compromised systems will connect to IRC Servers as a DDoS zombie and might be waiting for a command to start a DDoS attacks.

2. Compromised systems might be used as a VPN or dial-up client to the corporate network, resulting in a security vulnerability since VPNs and dial-up connections are the weakest link in secure computer networks.

[ Read more ]




Spotlight

Critical flaw in WiFi routers puts hotels and millions of guests at risk

A critical vulnerability in ANTlabs InnGate devices, a popular Internet gateway for visitor-based networks and commonly installed in hotels and convention centers, has been discovered. The flaw could allow an attacker to monitor or tamper with traffic to and from any hotel WiFi user's connection.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  
DON'T
MISS

Mon, Mar 30th
    COPYRIGHT 1998-2015 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //