Microsoft Windows Administrator Default Password Detection (W32/Deloder Worm Susceptibility)

Critical Nessus Plugin ID 11454


The remote host is vulnerable to the W32/Deloder worm.


W32/Deloder is a worm that tries to connect to a remote share by using a list of built-in administrator passwords.

Nessus was able to connect to this host with one of these credentials. The worm W32/Deloder may use it to break into the remote host and upload infected data in the remote shares.


Change your administrator password to a strong one.

Plugin Details

Severity: Critical

ID: 11454

File Name: smb_login_deloder.nasl

Version: $Revision: 1.19 $

Type: local

Agent: windows

Family: Windows

Published: 2003/03/24

Modified: 2015/09/24

Dependencies: 10150, 10399, 10546, 10860

Risk Information

Risk Factor: Critical


Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Required KB Items: SMB/name

Excluded KB Items: SMB/any_login, global_settings/supplied_logins_only

Reference Information

CERT-CC: CA-2003-08