Anti-virus developer Panda Software, has reported that it has started to receive incidents involving the Deloder worm (W32/Deloder.A).
Deloder is a worm, originating from China, which infects computers running under Windows 2000 and XP. In order to spread, this malicious code searches across the Internet for computers to which it can connect through port 445. If a successful connection is made, it copies a file called INST.EXE in the Windows Start folder. This file is a Trojan designed to open a backdoor in the computer. Once it has done this, Deloder also copies a file called DVLDR32.EXE in the infected computer, which contains a copy of the worm.
Similarly, Deloder tries to obtain the names of all the users connected to the same network as the infected computer. After it has done this, it tries to access each computer using a set list of typical passwords.
Finally, Deloder disables shared network resources and inserts new entries in the Windows Registry in order to ensure that the worm is run permanently on affected computers.
The actions carried out by Deloder could affect the normal functioning of a network and users are advised to update their anti-virus code as soon as possible. Those whose software is not configured to update automatically, should update their solutions from their vendor's website.