Recently, another worm has been discovered and is making its way through the Internet. “Morto” is a little different then previous worms we have seen as far as propagation is concerned. The Morto worm leverages poorly provisioned usernames and passwords to log into Microsoft Remote Desktop Protocol (MSRDP) enabled systems.

Once a system is infected, the worm will attempt to propagate to other systems on the network running MSRDP. The worm utilizes approximately 25 different common
usernames and 37 common passwords to attempt gaining access to systems running the MSRDP service. Once a system is compromised, the worm also modifies several registry keys and creates several new files on the infected system.
The propagation of this worm is 100% preventable by ensuring organizations are not using weak passwords and limiting exposure of MSRDP interfaces.

Some preventative tips to help keep this worm from spreading... read more >