Worm-Deborn...Watch Out!!!

September 2009

Is Worm.Deborm hiding in your LAN?

Computer worms, viruses, Trojans and other threats are increasingly looking for ways to exploit systems. Some of them actively try to break into a user’s PC and others just patiently wait till the user provides the way to the system. But no matter how a threat finds its way into a PC; the most important thing is that as soon as one enters the system, the machine is at risk of being destroyed or otherwise negatively affected. That is the case with Deborm, a worm spreading itself without any user intervention. Deborm has the ability to propagate itself via networks. In other words, Worm.Deborm spreads itself over a local area network (LAN) to any computers that have writable file shares. Once executed, Worm.Deborm will copy itself to a startup folder; as a result, it will automatically run upon reboot. This parasite has the ability to break simple passwords that are used either on the machine or when surfing the web. It is also important to note that Deborm worm will install a backdoor that will then allow a remote attacker access to a user’s computer system. Through this backdoor cyber criminals will be able to download additional malware, execute suspicious and often malicious programs, as well as steal confidential personal and financial information. Worm.Deborm is known to be related to a file called malware.exe. It has many distinct variants with different MD5 signatures.