News

Morto Worm Attempts To Guess Network Passwords

Microsoft is warning of a new worm that attempts to use Remote Desktop Protocol (RDP) connections from PCs to try to guess simple login and password information of users.

Nicknamed "Morto," the worm is uploaded to a PC when a user uploads a Windows DLL file. It then goes to work, looking for unsophisticated passwords and login credentials by trying a list of the thirty most often used passwords (for example, password, admin, 1111, etc.).

"Once a new system is compromised, it connects to a remote server in order to download additional information and update its components," wrote Microsoft's Hil Gradascevic in a TechNet blog. "It also terminates processes for locally running security applications in order to ensure its activity continues uninterrupted."

Security firm F-Secure, which was responsible for alerting Microsoft to this new threat, speculated that the worm's main functionality is to carry out a denial-of-service (DoS) attack against specified targets. The company also pointed out that this worm may be difficult to locate. "As it is the malicious DLL that gets loaded, the regedit command does not show any graphic user interface (GUI) as it normally does," said F-Secure, in a threat bulletin. "It decrypts and loads the encrypted payload saved at HKLM\System\Wpa\md registry value. This is when the payload takes control."

While Microsoft has labeled the alert level of this possible intrusion as "severe," as of Saturday, only a few thousand PCs had been infected by Morto, with 74 percent of recorded infections occurring on Windows XP machines.

The company is recommending users make sure that they use unique passwords that feature both numbers, letters and symbols -- the worm only has a limited amount of simple passwords it scans for.

About the Author

Chris Paoli is the site producer for Redmondmag.com and MCPmag.com.

Featured

  • Vendors Issue Patches for Linux Container Runtime Flaw Enabling Host Attacks

    This week, the National Institute of Standards and Technology (NIST) described a high-risk security vulnerability (CVE-2019-5736) for organizations using containers that could lead to compromised host systems.

  • Windows 10 Version 1809 Users May Get Visual Studio Crashes

    Microsoft on Friday issued an advisory for Windows 10 version 1809 users about possible Visual Studio crashes.

  • Standardizing the Look of Outlook's Outbound Messages

    Microsoft typically gives users a blank canvas to compose new e-mails in Outlook. In some corporate environments, however, a blank canvas isn't a good thing.

  • Windows 10 'Semiannual Channel Targeted' Goes Away This Spring

    Microsoft plans to slightly alter its Windows servicing lingo and management behavior with its next Windows 10 operating system feature update release, coming this spring.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.