Security Protection - Harry Waldron (CS)

Security Best Practices, Breaking News, & Updates

Morto - New RDP Internet Worm manipulates weak passwords

A new RDP worm is circulating on vulnerable systems with weak passwords:

http://www.f-secure.com/weblog/archives/00002227.html
http://www.eweek.com/c/a/Security/Morto-Worm-Infects-Windows-Systems-With-Weak-Passwords-815241/
http://isc.sans.org/diary/Internet+Worm+in+the+Wild/11470
http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Worm%3aWin32%2fMorto.gen!A
http://www.theregister.co.uk/2011/08/28/morto_worm_spreading/
http://blogs.computerworld.com/18870/morto_worm_spreading_fast_via_rdp

QUOTE: A new worm, called "Morto," has been infecting machines via Remote Desktop Protocol on Windows machines, according to security researchers. Morto is the first Internet worm to use RDP as an infection vector. Morto "appears to simply attempt to compromise systems by trying 30 common passwords for the Windows Administrator account over RDP," "This particular worm highlights the importance of setting strong system passwords," said Microsoft's Gradascevic. "The ability of attackers to exploit weak passwords shouldn't be underestimated."

SYMPTOMS OF AN INFECTION: An infection creates a lot of traffic on port 3389/TCP, which is the RDP port.
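
The symptom above can be looked for in firewall or flow logs. The following is an added example, not part of the original post: it reports, per source host, the largest number of distinct 3389/TCP destinations contacted within a short window. The log format, addresses, threshold and function names are constructed assumptions.

```python
import csv
from collections import defaultdict
from datetime import datetime, timedelta

RDP_PORT = 3389

# Constructed sample flow records (not real traffic): time,src,dst,dst_port,proto
SAMPLE_FLOWS = """\
2011-08-28T10:00:01,10.0.0.23,10.0.0.1,3389,tcp
2011-08-28T10:00:02,10.0.0.23,10.0.0.2,3389,tcp
2011-08-28T10:00:03,10.0.0.23,10.0.0.3,3389,tcp
2011-08-28T10:00:04,10.0.0.23,10.0.0.4,3389,tcp
2011-08-28T10:00:05,10.0.0.23,10.0.0.5,3389,tcp
2011-08-28T10:00:06,10.0.0.23,10.0.0.6,3389,tcp
2011-08-28T10:00:07,10.0.0.23,10.0.0.9,443,tcp
2011-08-28T09:00:00,10.0.0.50,10.0.0.10,3389,tcp
2011-08-28T09:20:00,10.0.0.50,10.0.0.11,3389,tcp
2011-08-28T09:40:00,10.0.0.50,10.0.0.12,3389,tcp
2011-08-28T10:00:00,10.0.0.50,10.0.0.13,3389,tcp
2011-08-28T10:20:00,10.0.0.50,10.0.0.14,3389,tcp
"""

def rdp_fanout(flow_text, window=timedelta(seconds=60)):
    """Return {src: peak count of distinct 3389/TCP destinations within `window`}."""
    events = defaultdict(list)
    for row in csv.reader(flow_text.splitlines()):
        if len(row) != 5:
            continue  # skip blank or malformed lines
        ts, src, dst, dport, proto = row
        if proto.lower() == "tcp" and int(dport) == RDP_PORT:
            events[src].append((datetime.fromisoformat(ts), dst))
    peaks = {}
    for src, seen in events.items():
        seen.sort()
        peak, start = 0, 0
        for end in range(len(seen)):
            # Slide the window start forward until it spans at most `window`.
            while seen[end][0] - seen[start][0] > window:
                start += 1
            peak = max(peak, len({dst for _, dst in seen[start:end + 1]}))
        peaks[src] = peak
    return peaks

def suspected_scanners(flow_text, threshold=5, window=timedelta(seconds=60)):
    """Sources whose RDP fan-out reaches `threshold` (an assumed value; tune per network)."""
    peaks = rdp_fanout(flow_text, window)
    return sorted(src for src, peak in peaks.items() if peak >= threshold)
```

In the sample, 10.0.0.50 also reaches five RDP hosts, but spread over more than an hour, so the windowed count keeps it below the threshold.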