There's never been a better time to change your password from 'password'...
By Patrick Gray
Published: 10 March 2003 14:21 GMT
A new worm, called Deloder, is showing signs of spreading via the internet - leaving two Trojan horse programs in its wake.
The worm has raised fears among security experts that the infection is paving the way for a potentially crippling distributed denial of service (DDoS) attack.
Although the experts are not yet rating the Deloder worm as a high risk to users, the technical make-up of the Trojans it leaves behind is of concern. They consist of a commonly used piece of network administration software called Virtual Network Computing (VNC), and an internet Relay Chat (IRC) "bot".
The VNC component allows an attacker to connect to an infected system and control it as if they were in front of it. They have full access through a graphical user interface.
The IRC bot, when activated, connects to a remote server and waits for commands, which could mean that infected systems are going to be used for a massive DDoS attack.
This worm, unlike others such as Klez, requires no user interaction to spread - it exploits common passwords, such as "password" and "computer", in share directories in Windows NT/2000/XP machines and hence spreads automatically.
However because the virus attacks through weak share directory passwords, the effect on corporations has been minimal because share directories are typically firewalled.
Daniel Zatz, a security spokesman from Computer Associates, says that they haven't received any reports of their customers being infected yet.
"Very little has been reported to the [antivirus] vendors themselves... I haven't spoken to any customers that have been impacted yet," he said.
Aside from potential DDoS implications, Zatz says that end users may be stung through identity theft - even a novice malicious hacker can access an infected system with ease.
"This is one of the ways that identity theft occurs," he said.
Despite this, Melbourne-based security consultant Adam Pointon says that the worm is hitting home users hard.
"It's been increasing threefold over the last few days," he said.
The SANS Institute's Internet Storm Centre, a research group that monitors the internet for attacks, have lifted its alert status from green to yellow. More information is available on SANS' website.
You may be asked for evidence of your identity, qualifications and eligibility to work in the UK. Please note that ECM are High-Tech Recruitment ...
You may be asked for evidence of your identity, qualifications and eligibility to work in the UK. Recruitment Experts. Our client is an established, ...
An Oracle Identity Manager is required for an end user client based in The South East. I am currently looking for a Oracle SSO specialist with High ...
Agenda Setters 2009
Welcome to the ninth annual Agenda Setters poll – silicon.com's list of the top 50 most influential individuals in the technology and IT industries, from techies and CIOs to entrepreneurs and business leaders. Find out more in our latest special report.
Is Your Enterprise Architected for Tomorrow's Growth?
Improving IT service delivery through an integrated approach to software asset management...
TechRepublic Resource Guide: Software as a Service (SaaS) for Small and Midsize Businesses...
Download a Free Trial of SmartDraw: Learn why SmartDraw is the ideal alternative...
Stories from the web...
Copyright © 2008 CBS Interactive Limited. All rights reserved. Top of page
Digg
Slashdot
Del.icio.us
Stumble
Reddit
RSS Feeds
Clive Longbottom Windows 7: Not perfect - but ready for prime time Microsoft's latest OS fixes most of Vista's ills - but still has challenges ahead
Stephen Kleynhans Mind the details with Windows 7 Just because it might work better than Vista, it doesn't mean you can be sloppy