Windows: Internet Worm Morto in the Wild

SUMMARY: Windows: Internet Worm Morto in the Wild
POSTED ON: 08/30/2011
REPORTER: Jocelyn E Kasamoto (jocelyn)
START TIME: Aug 30 03:54 PM
END TIME: Sep 29 03:55 PM
DESCRIPTION: SANS reported that Morto, the latest Internet worm, is spreading quickly through Microsoft Windows Remote Desktop Protocol (RDP).

The worm targets Windows workstations and servers and spreads by compromising weak passwords for Remote Desktop Protocol (RDP) connections (port 3389) on a network. It can generate a large amount of outbound RDP traffic.
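The outbound RDP traffic described above can be spotted in connection logs by counting how many distinct hosts each source contacts on port 3389 within a short window. The following is an added example, not part of the original advisory. The record format, function names, the 5-minute window and the threshold of 5 destinations are all assumptions to adapt to your own flow or firewall logs.

```python
from collections import defaultdict
from datetime import datetime, timedelta

RDP_PORT = 3389

def constructed_flows():
    """Constructed sample records: 'timestamp src dst dst_port' (assumed format)."""
    t0, rows = datetime(2011, 8, 30, 15, 0), []
    def add(offset, src, dst, port=RDP_PORT):
        rows.append(f"{(t0 + offset).isoformat()} {src} {dst} {port}")
    for i in range(8):    # worm-like: 8 distinct RDP targets in 70 seconds
        add(timedelta(seconds=10 * i), "10.0.0.23", f"198.51.100.{i + 1}")
    for i in range(10):   # admin: the same two servers over and over
        add(timedelta(seconds=20 * i), "10.0.0.5", f"10.0.1.{1 + i % 2}")
    for i in range(6):    # slow: 6 distinct targets, one per hour
        add(timedelta(hours=i), "10.0.0.9", f"10.0.2.{i + 1}")
    add(timedelta(0), "10.0.0.23", "192.0.2.80", 443)  # non-RDP, ignored
    return "\n".join(rows)

def parse_flows(text):
    for line in text.strip().splitlines():
        ts, src, dst, port = line.split()
        yield datetime.fromisoformat(ts), src, dst, int(port)

def rdp_fanout_suspects(flows, window=timedelta(minutes=5), threshold=5):
    """Map each source to its peak count of distinct RDP destinations inside
    any sliding window, keeping only sources at or above the threshold."""
    per_src = defaultdict(list)
    for ts, src, dst, port in flows:
        if port == RDP_PORT:
            per_src[src].append((ts, dst))
    suspects = {}
    for src, events in per_src.items():
        events.sort()
        start, peak, live = 0, 0, defaultdict(int)
        for ts, dst in events:
            live[dst] += 1
            while ts - events[start][0] > window:   # expire old events
                old = events[start][1]
                live[old] -= 1
                if live[old] == 0:
                    del live[old]
                start += 1
            peak = max(peak, len(live))
        if peak >= threshold:
            suspects[src] = peak
    return suspects

if __name__ == "__main__":
    for src, n in rdp_fanout_suspects(parse_flows(constructed_flows())).items():
        print(f"{src}: {n} distinct RDP destinations within 5 minutes")
```

Counting distinct destinations rather than raw connections keeps an administrator who reconnects to the same few servers from being flagged.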

To better protect your systems against this worm (and in general), use strong passwords. See http://www.hawaii.edu/askus/705 for password guidelines.

McAfee detects this Internet worm as W32/Morto.dll or W32/Morto. DAT 6453 (8/29/11) is required for detection. Despite the media hype, McAfee rates this worm as low risk.


For more information:

http://isc.sans.edu/diary.html?storyid=11470
http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Worm%3AWin32%2FMorto.A
http://home.mcafee.com/virusinfo/virusprofile.aspx?key=573843
http://home.mcafee.com/VirusInfo/VirusProfile.aspx?key=573838
http://www.f-secure.com/v-descs/worm_w32_morto_a.shtml
http://news.techworld.com/security/3300044/microsoft-warns-over-password-stealing-morto-worm/
http://nakedsecurity.sophos.com/2011/08/30/morto-rdp-worm-of-death/
http://www.computerworld.com/s/article/9219555/New_Windows_worm_spreads_by_attacking_weak_passwords