System Infected: Deloder Worm

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

W32.HLLW.Deloder is a network-aware worm that attempts to connect to a target host using TCP port 445.

Additional Information

W32.HLLW.Deloder attempts to connect to a target host using TCP port 445. Upon successful connection, the worm copies a backdoor Trojan component, a file named inst.exe, to a set of paths hard-coded into the worm, so that the Trojan is loaded from the StartUp folder. The worm then attempts to launch several remote services that perform actions such as copying and executing the backdoor, copying and executing the worm, deleting default shares, and changing the attributes of the worm and backdoor Trojan to read-only.

Affected

  • Microsoft Windows 2000 Advanced Server SP1, SP2, SP3, SP4
  • Microsoft Windows 2000 Datacenter Server SP1, SP2, SP3, SP4
  • Microsoft Windows 2000 Professional SP1, SP2, SP3, SP4
  • Microsoft Windows 2000 Resource Kit
  • Microsoft Windows 2000 Server SP1, SP2, SP3, SP4
  • Microsoft Windows 2000 Server Japanese Edition
  • Microsoft Windows 2000 Terminal Services SP1, SP2, SP3, SP4
  • Microsoft Windows 2000 Workstation rev.2031, rev.2072, rev.2195, SP1, SP2, SP3
  • Microsoft Windows Vista beta
  • Microsoft Windows XP
  • Microsoft Windows XP 64-bit Edition SP1
  • Microsoft Windows XP 64-bit Edition Version 2003 SP1
  • Microsoft Windows XP Embedded SP1
  • Microsoft Windows XP Home SP1, SP2
  • Microsoft Windows XP Media Center Edition SP1, SP2
  • Microsoft Windows XP Professional SP1, SP2
  • Microsoft Windows XP Professional x64 Edition
  • Microsoft Windows XP Tablet PC Edition SP1, SP2

Response

Refer to the following link for more information and instructions to remove the worm:

Symantec Write-up on W32.HLLW.Deloder