Image may be NSFW.
Clik here to view.
There is a new malware worm spreading on the internet in search of usernames and weak passwords. This post will help you understand what the worm can and cannot do and how you can protect yourself.
In short, this so-called “Morto worm” spreads between Windows workstations and servers that run a Remote Desktop administration service. It scans the network for targets and attempts to connect using a list of basic passwords. If it succeeds in making a connection, it replicates itself and repeats.
At this time it is not directly damaging, however, modern malware often downloads updates and can become increasingly dangerous without notice. According to Mikko Hypponen of F-Secure Lab, the worm contains bot-like qualities and could potentially be used for distributed denial-of-service (DDoS) attacks.
To protect yourself, follow these four basic security principles:
1. Block Remote Desktop access from the internet. Use a VPN instead.
2. Ensure that all systems and servers are fully patched. If you must prioritize, patch servers first.
3. Ensure that all systems are running a modern anti-malware solution like Sophos.
4. Make sure that all remote access passwords are reasonably long and complex.
For technical details:
- https://isc.sans.edu/diary.html?storyid=11470
- http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Worm%3AWin32%2FMorto.A
