Members
  • Total Members: 14197
  • Latest: Levine
Stats
  • Total Posts: 43438
  • Total Topics: 16532
  • Online today: 3056
  • Online ever: 51419
  • (01. January 2010., 10:27:49)
Users Online
Users: 3
Guests: 2912
Total: 2915









Author Topic: "Morto" worm atack on Windows Remote Desktop connections (port 3389)  (Read 4122 times)

0 Members and 1 Guest are viewing this topic.

Samker

  • SCF Administrator
  • *****
  • Posts: 7529
  • KARMA: 322
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum


We've had reports of a new worm in the wild and that generates increased RDP traffic for our users on port 3389. Although the overall numbers of computers reporting detections are low in comparison to more established malware families, the traffic it generates is noticeable. The worm is detected as Worm:Win32/Morto.A and you can see a detailed description of it at Worm:Win32/Morto.A : http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Worm%3aWin32%2fMorto.A

Morto attempts to compromise Remote Desktop connections in order to penetrate remote systems, by exploiting weak administrator passwords. Once a new system is compromised, it connects to a remote server in order to download additional information and update its components. It also terminates processes for locally running security applications in order to ensure its activity continues uninterrupted. Affected users should note that a reboot may be required in order to complete the cleaning process.
 
This particular worm highlights the importance of setting strong system passwords. Using strong passwords can go a long way towards protecting your environment -- and  the ability of attackers to exploit weak passwords shouldn't be underestimated.

For example, Morto tries the following passwords:
 
*1234
0
111
123
369
1111
12345
111111
123123
123321
123456
168168
520520
654321
666666
888888
1234567
12345678
123456789
1234567890
%u%
%u%12
1234qwer
1q2w3e
1qaz2wsx
aaa
abc123
abcd1234
admin
admin123
letmein
pass
password
server
test
user
 

When creating strong passwords, remember that the key to a strong password is length and complexity. Here's a few tips to keep in mind:
   
- An ideal password is long and has letters, punctuation, symbols, and numbers.
   
- Whenever possible, use at least 14 characters or more.
   
- The greater the variety of characters in your password, the better.
   
- Use the entire keyboard, not just the letters and characters you use or see most often.


For more advice on creating (and remembering) strong passwords, visit Microsoft's Safety and Security Center: http://www.microsoft.com/security/online-privacy/passwords-create.aspx


FYI here are some examples of files that are being detected as Win32/Morto
:

0x48AE936692FFBD14782D5C97DD067402FBB52356
0x6929EAD324EFA7A667BAE88A041F546DBBECBF26
0x188BA0E3A03BFFFF4B9C96721AC70EF68D19A86E

(MMPC)

Samker's Computer Forum - SCforum.info


 

With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Verification:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.codekids.ba:

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Kursevi programiranja za ucenike u Sarajevu

Terms of Use | Privacy Policy | Advertising
TinyPortal 2.3.1 © 2005-2023