The Deloder worm caught the attention of experts because, unlike email worms, it requires no user intervention to spread, and it carries a Trojan program as its payload. It also took a scattershot approach to spreading, which caused unusual traffic on the internet.

Deloder scans random IP addresses on port 445 (Windows Server Message Block, used for file-sharing) in the hope of finding Windows machines with shared folders that are either not password protected or have weak or default passwords such as “password”.

The Trojan payload is a backdoor that installs a couple of remote access tools, described by Trend Micro Inc as legitimate software, that would allow the worm’s author to take control of an infected machine remotely.

While few machines are believed to have been compromised, internet-wide port 445 probes, as measured by the Internet Storm Center, leapt from nowhere to account for about a third of incident reports made by intrusion detection systems over the weekend.
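The random port 445 scanning described above is what makes an infected host stand out in connection logs. The following is an added example, not part of the original article: a small detector that flags any source contacting many distinct addresses on port 445 within a short window. The log format, addresses, timestamps and thresholds are all constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample connection log: timestamp, source IP, destination IP, destination port.
SAMPLE_LOG = """
2000-01-01T10:00:01 10.0.0.5 198.51.100.7 445
2000-01-01T10:00:02 10.0.0.5 203.0.113.40 445
2000-01-01T10:00:03 10.0.0.5 192.0.2.19 445
2000-01-01T10:00:04 10.0.0.5 198.51.100.201 445
2000-01-01T10:00:05 10.0.0.5 203.0.113.77 445
2000-01-01T10:00:06 10.0.0.5 192.0.2.130 445
2000-01-01T10:00:01 10.0.0.8 10.0.0.2 445
2000-01-01T10:00:20 10.0.0.8 10.0.0.2 445
2000-01-01T10:00:40 10.0.0.8 10.0.0.2 445
2000-01-01T09:00:00 10.0.0.7 192.0.2.1 445
2000-01-01T11:00:00 10.0.0.7 192.0.2.2 445
2000-01-01T13:00:00 10.0.0.7 192.0.2.3 445
2000-01-01T10:00:01 10.0.0.9 198.51.100.7 80
"""

def find_smb_scanners(lines, threshold=5, window=timedelta(seconds=60), port=445):
    """Return {source: peak count of distinct destinations on `port` inside any window}
    for every source whose peak reaches `threshold`."""
    events = defaultdict(list)
    for line in lines:
        fields = line.split()
        if len(fields) != 4:
            continue  # skip blank or malformed lines
        ts, src, dst, dport = fields
        if int(dport) == port:
            events[src].append((datetime.fromisoformat(ts), dst))

    flagged = {}
    for src, evs in events.items():
        evs.sort()
        start, peak = 0, 0
        for end in range(len(evs)):
            # Slide the window start forward until it spans at most `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            peak = max(peak, len({dst for _, dst in evs[start:end + 1]}))
        if peak >= threshold:
            flagged[src] = peak
    return flagged

if __name__ == "__main__":
    print(find_smb_scanners(SAMPLE_LOG.splitlines()))
```

A workstation that talks repeatedly to one file server is not flagged, because only the number of distinct destinations counts, not the number of connections.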

“This worm is a good example of a blended threat, since it is a worm and drops a Trojan,” said a Computer Associates International Inc spokesperson. He added: “None of the techniques used by this worm are new.”

Source: Computerwire