ID: IRCNE2011081234
Date: 2011-08-30
According to "computerworld", A new Windows worm is working its way through company networks by taking advantage of weak passwords, security researchers said over the weekend.
The worm, dubbed "Morto" by Microsoft and Helsinki-based F-Secure, has been circulating since at least last week. The Morto worm spreads by logging in to Remote Desktop servers using weak passwords like "abc123."
Windows PCs infected with Morto scan the local network for other machines that have RDC switched on, then try to log in to a Remote Desktop server using a pre-set list of common passwords, said F-Secure. If one of the passwords works, the worm then downloads additional malware components to the just-victimized server and kills security software to remain hidden.
Morto's purpose may be to crank out denial-of-service attacks against hacker-designated targets, said Microsoft in the write-up published Sunday.
Although Microsoft patched RDP just three weeks ago as part of August's monthly security update, Morto does not exploit that vulnerabilitys.
- 3