Microsoft says to be on the lookout for a new Windows worm which spreads by Remote Desktop Protocol (RDP) and looks for weak passwords. The worm, dubbed Win32/Morto, has already wormed its way into many networks and is becoming a growing problem.

Remote Desktop Connection (RDC) requires a username and a password to login to a computer and Morto simply scans for any systems with RDC enabled and uses commonly used password to break-in. Once in, Morto will disable antivirus, load additional malware and ready your computer to attack others. A trojan could also be planted into your computer to allow the attacker to control your computer for a Botnet style attack.

So far only a few thousand unique computers have reported the new viral worm but its infected computers in over 87 countries. Windows XP is the highest infected OS at 74%, Windows 7 at 14%, Windows 2003 at 8% and Windows 2008 at 2%.

"We've also discovered that Morto attempts to compromise more than just the 'Administrator' account when trying to brute force RDP connections with its simple dictionary attack. Initially it tests the affected machine's Internet connectivity by attempting to connect to IP 74.125.71.104 (this is an IP owned by a legitimate corporation and is otherwise unrelated to the malware). If this attempt is not successful, it then cycles through IP addresses on the affected computer's subnet and attempts to connect to targeted hosts using the following usernames:" said Microsoft in a security blog.

1
actuser
adm
admin
admin2
administrator
aspnet
backup
computer
console
david
guest
john
owner
root
server
sql
support
support_388945a0
sys
test2
test3
user
user1
user5

"Its important to remember that this malware does not exploit a vulnerability in Remote Desktop Protocol, but instead relies on weak passwords. If you haven't already, check if these usernames are being used in your environment and change the associated passwords to ones that are strong.  Even computers that have been cleaned of this threat can be easily reinfected if the passwords are not changed and the computer remains unprotected." Microsoft went on to state.

Related News:
Microsoft Windows 8 Milestone 2 Build 7927 Beta Leaked
CCleaner 3.10 Released For Windows Cleaning and Optimization
Microsoft Windows 8 File Management Features Revealed
Microsoft Windows XP Turns 10-Year-Old Today

---

Post a Comment
You must login or register before you can comment.