First Incidents Involving the ‘Deloder’ Worm

Panda Software, leading antivirus developer, reports that it has started to receive incidents involving the Deloder worm (W32/Deloder.A).

Deloder is a worm, originating from China, which infects computers running under Windows 2000 and XP. In order to spread, this malicious code searches across the Internet for computers to which it can connect through port 445. If a successful connection is made, it copies a file called INST.EXE in the Windows Start folder. This file is a Trojan designed to open a backdoor in the computer. Once it has done this, Deloder also copies a file called DVLDR32.EXE in the infected computer, which contains a copy of the worm.

Similarly, Deloder tries to obtain the names of all the users connected to the same network as the infected computer. After it has done this, it tries to access each computer using a set list of typical passwords.

Finally, Deloder disables shared network resources and inserts new entries in the Windows Registry in order to ensure that the worm is run permanently on affected computers.

The actions carried out by Deloder could affect the normal functioning of a network, and for this reason Panda Software advises users to update their antiviruses as soon as possible. The company has already made the updates to its products available to users to ensure their solutions can detect and eliminate Deloder. Those whose software is not configured to update automatically, should update their solutions from http://www.pandasoftware.com/.

More detailed information about this worm is available in Panda Software’s Virus Encyclopedia at: http://www.pandasoftware.com/virus_info/.