Deloder worm leaves behind two Trojan horses

The latest Internet worm infects Windows NT/2000/XP Professional machines with two Trojan horses and leaves infected systems open for use in future distributed denial-of-service (DDoS) attacks. Unlike previous worms, Deloder (w32.deloder.a) does not spread using e-mail; rather, it scans the Internet looking for open 445 TCP/IP ports. Deloder carries an infected version of a commonly available network remote administration tool, Virtual Network Computing (VNC), and an Internet Relay Chat (IRC) bot. VNC can be used for legitimate remote access purposes, but used within the context of this worm, it is considered to be a Trojan horse. Because Deloder spreads via shared network connections and could cause future damage to files and systems alike, this worm rates a 6 on the CNET Virus Meter. Deloder scans the Internet, searching for computers with an open Windows port 445, which corresponds to Microsoft Service Message Block (SMB) over TCP/IP. This port allows the sharing of Windows files, usually protected with passwords. Deloder tries a number of different weak passwords such as password or computer in order to gain access to computers on a network. Corporate systems with strong file-sharing passwords and those behind firewalls should be protected. However, many home systems with default or weak passwords and no firewall may be vulnerable to unauthorized remote access, courtesy of this worm.