Microsoft warns of new Windows Morto worm spreading via RDP

By Tom Warren, on 30th Aug 11 2:48 pm with 35 Comments

Microsoft is warning system admins to beef up their password security in light of a new Windows worm.

The worm, named Morto, was first detected over the weekend by F-Secure chief research officer Mikko Hyppönen. “We don’t see that many internet worms these days,” explained Hyppönen in a blog post on Sunday. “We just found a new internet worm, and it’s spreading in the wild.” The worm uses Microsoft’s Remote Desktop Protocol (RDP) to access remote machines. Morto scans local networks for machines that have RDP enabled on port 3389/TCP. When it finds one, it attempts to access the machine using several different default admin usernames and passwords such as “pass” and “12345”.

Microsoft admitted that the worm was causing headaches for system administrators that have “less than ideal” password policies. “The number of computers reporting infections or infection attempts continues to remain quite low,” said Microsoft’s Matt McCormack. Microsoft’s Malware Protection Center has only detected a few thousand unique computers that report the issue. Consumer and corporate machines in 87 countries have been affected so far and 74% of infected machines are running Windows XP. “It’s important to remember that this malware does not exploit a vulnerability in Remote Desktop Protocol, but instead relies on weak passwords,” explained McCormack. “The role that passwords play in securing an organization’s network is often underestimated and overlooked. We encourage people to use strong passwords to help protect their systems.”
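The scanning behaviour described above leaves a recognisable trace in network flow logs: one internal host contacting many distinct peers on 3389/TCP in a short time. The following is an added detection sketch, not code from Microsoft or F-Secure; the CSV flow format, the 60-second window and the threshold of five hosts are assumptions, and the sample records are constructed.

```python
import csv
import io
from collections import defaultdict, deque
from datetime import datetime, timedelta

RDP_PORT = 3389  # the port the article names

# Constructed flow records (not real traffic): time, src, dst, proto, dport
SAMPLE_FLOWS = """\
2011-08-28T09:00:00,10.0.0.51,10.0.0.1,tcp,3389
2011-08-28T10:00:01,10.0.0.23,10.0.0.1,tcp,3389
2011-08-28T10:00:03,10.0.0.23,10.0.0.2,tcp,3389
2011-08-28T10:00:05,10.0.0.23,10.0.0.3,tcp,3389
2011-08-28T10:00:07,10.0.0.23,10.0.0.4,tcp,3389
2011-08-28T10:00:09,10.0.0.23,10.0.0.5,tcp,3389
2011-08-28T10:00:11,10.0.0.23,10.0.0.6,tcp,3389
2011-08-28T10:00:12,10.0.0.23,10.0.0.6,tcp,445
2011-08-28T10:05:00,10.0.0.40,10.0.0.5,tcp,3389
2011-08-28T10:05:30,10.0.0.40,10.0.0.9,tcp,3389
2011-08-28T10:05:45,10.0.0.40,10.0.0.5,tcp,3389
2011-08-28T11:00:00,10.0.0.51,10.0.0.2,tcp,3389
"""


def parse_flows(text):
    """Yield (timestamp, src, dst) for TCP flows to the RDP port only."""
    for row in csv.reader(io.StringIO(text)):
        if len(row) != 5:
            continue  # skip blank or malformed records
        ts, src, dst, proto, dport = row
        if proto.lower() == "tcp" and dport == str(RDP_PORT):
            yield datetime.fromisoformat(ts), src, dst


def rdp_fanout(flows, window=timedelta(seconds=60), threshold=5):
    """Sources whose distinct RDP peers in any one window reach threshold."""
    recent = defaultdict(deque)  # src -> (ts, dst) pairs still in the window
    peak = defaultdict(int)
    for ts, src, dst in sorted(flows):
        q = recent[src]
        q.append((ts, dst))
        while ts - q[0][0] > window:
            q.popleft()  # expire attempts older than the window
        peak[src] = max(peak[src], len({d for _, d in q}))
    return {s: n for s, n in peak.items() if n >= threshold}


if __name__ == "__main__":
    for src, n in rdp_fanout(parse_flows(SAMPLE_FLOWS)).items():
        print(f"{src} reached {n} distinct hosts on 3389/TCP within 60 s")
```

In the sample, the host that sweeps six peers in ten seconds is flagged, while a workstation that reconnects to two servers and a host that opens one RDP session every couple of hours stay below the threshold.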

  • GP007

    So the problem in the end is with the users and their weak passwords. Gotcha

    • Guest

      yup

    • http://www.winrumors.com Tom W

      Ha yeah, pretty much :)

  • PET-BEDE

    Anyone that still uses Admin for USERNAME and 12345 for PASSWORD needs to stop doing updates on His or Her computer and plug some cables to HIMSELF or HERSELF and update HIS or HER whole SELF. xD

    • Anonymous

      At least do something like: admin:password

  • Anonymous

    1, 2, 3, 4, 5? That’s amazing! I’ve got the same combination on my luggage!

    • BieberHole69

      SPACEBALLS!! +1

    • http://twitter.com/laserfloyd Lewis McCrary

      XD

  • Frylockns86

    1A, 2B, 3C – *Head explodes*

  • Aaron

    Further proof that humans are the weakest link in any IT security.  Still though, I bet some idiot 13 year olds will post in all caps about how this is Microsoft’s fault and we should all switch to Linux.

    • Timothy Neinhardt

      Baah, or some iSheep talking about imprescriptible iOS or Macs of theirs.
      Talking about that, I have just uninstalled some kind of “MacProtector” malware over 50 Macs.

    • Anonymous

      So, your IT guys gave each Mac user “allow to administer this computer” privileges. Why? No administer privilege means no ability to install malware. Sounds like you guys have really bad IT policy to me.

    • Timothy Neinhardt

      All in a day’s work. Boss asks it, we do it, can’t argue, that’s life.
      Totally agree, administrator privileges for non-professional users is a fail.

    • Anonymous

      Sucks dealing with bosses sometimes. As you said, that’s life..

  • http://twitter.com/samitermanini Sami Termanini

    I’ve got some hard password, I can’t believe I can remember it :)

  • Anonymous

    With Windows 8 I hope it is a virus-free OS, and lets all existing Windows viruses not work on it.
    People shouldn’t have fear of viruses attacking Windows 8.
    Like Mac OS, something like that should happen.
    I don’t care what they do, they should make it happen and of course, they shouldn’t make the UAC annoying.

    • Donaldstmaurice

      Are you serious or joking?

    • Anonymous

      I said I hope
      It would be cool to use Win 8 without having fear of viruses.

    • Timothy Neinhardt

      Different from Macs, Windows gives access to root of it for its programs, thus making itself vulnerable to attacks. Macs, on the other hand, seal off deep controls, making it harder for deep integration, which means less (BUT NOT FREE) of viruses.
      The problem is no one uses Macs (well, before the uprise of iDevices) so hackers don’t need to shed some sweat to exploit Macs, Windows are more lucrative.
      I would be happy to see Windows have some virus, no security is perfect, it would justify that Windows still dominate and Macs are a deserted island. Do you see any burglar on a deserted island?

    • Anonymous

      On Macs, root is not generally available directly, as it shouldn’t be on any properly configured system. It does not affect integration in any way. Apps should not need to run as root. They should run as the user who runs them. When using remote access, the app should use the login credentials as the user credentials, thereby preventing problems beyond that user.

      Saying that the reason there are no viruses is market share is just as dumb as the idea that this password issue is a Windows vulnerability.

      Linux systems, which run the net, are also free of exploits, yet are much more valuable targets. They are not lucrative targets because they are too hard to hack and almost impossible to turn into zombies to create botnets, unlike Windows.

      And, please tell us of the Mac viruses in the wild. While you’re at it, how about the Linux viruses too.

    • Timothy Neinhardt

      For Linux, naah, you might be right, I got nothing.
      For Mac, I’d say a malware, though, not a virus, named MacProtector.
      You have some point, I give it up to you.

    • Timothy Neinhardt

      On the second thoughhttp://en.wikipedia.org/wiki/Linux_malware
      I was too hasty. They are even many more than Macs’.

    • Anonymous

      Your link is bad. Can you fix it?

    • Timothy Neinhardt

      http://en.wikipedia.org/wiki/Linux_malware

      Sorry, trashing the board >.<"

    • Anonymous

      This is the internet and you are wrong. At the most recent Black Hat convention in Las Vegas, various security researchers warned Mac users that as soon as server-like services are enabled on OS X, you’re toast. http://www.v3.co.uk/v3-uk/news/2099257/black-hat-isec-condemns-network-security
      There is also a major LDAP security vulnerability that once again proves macs are not inherently secure by virtue of the os architecture. http://news.softpedia.com/news/Avoid-Using-OS-X-10-7-Lion-Until-LDAP-Vulnerability-is-Patched-Security-Experts-Say-219268.shtml

      On Mac there is definitely “security through obscurity”. On Win7 viruses don’t install themselves while connected on the internet or even downloading malicious files. The problem lies between the chair and the monitor screen. “Admin accounts” that click on all kinds of scripts and install all kinds of programs. It is user interaction that infects Win and not Win itself gets plagued by virtue of the NT architecture. Those scripts and programs are created for Win because simply there is a higher chance of success. Worldwide no one gives a rat’s ass about OSX; its marketshare is 5%; considering half of Macs reside in the US where marketshare is 11%, excluding US, there is even lower than 5% OSX marketshare. Win7, believe it or not, is built with security in mind and it is inherently MORE SECURE than OSX or any open Linux (except those compiled with security in mind). On nix root access is not as straightforward as on Win admin accounts are created. Users infect OSes by executing malicious programs and allowing them access and not OSes infect themselves.

    • Anonymous

      I asked for info about Mac and Linux viruses that are actually in the wild. Your rhetorical argument has done nothing to address this question.

      No matter how vulnerable people can “prove” an OS is, it matters for naught if there are no exploits in the wild.

      If you decide to compare, provide us with the number of Mac, Linux, and Windows viruses in the wild. Not “proof of concept” viruses. Only those that have actually infected systems. Adjust for market share if you like. Then provide the results.

      If you intend to continue on the rhetoric path, remember that Sophos stated that Windows 7 was vulnerable to 80% of viruses. Not a glowing report for your “secure” OS.

  • Anonymous

    Explain to me how OS X would protect against this.
