December 10, 2016

Worm Tries to Crack Weak Passwords on Remote Desktops Connections

(LiveHacking.Com) – Microsoft has published details of a worm called Morto which attempts to break into remote servers which use the Windows Remote Desktop. The worm attempts to compromise the systems by exploiting weak administrator passwords. Once a new system is compromised, it connects to a remote server in order to download additional information and update its components. It also terminates processes for locally running security applications in order to ensure its activity continues uninterrupted.

As with all accounts (both local and remote) it is essential for users and system administrators to set strong passwords. According to Microsoft the worm tries the following passwords:

*1234
0
111
123
369
1111
12345
111111
123123
123321
123456
168168
520520
654321
666666
888888
1234567
12345678
123456789
1234567890
%u%
%u%12
1234qwer
1q2w3e
1qaz2wsx
aaa
abc123
abcd1234
admin
admin123
letmein
pass
password
server
test
user

Microsoft are reporting that although the overall numbers of computers reporting detections are low in comparison to more established malware families, the traffic it generates is noticeable.

Share and Enjoy:
  • Print
  • Digg
  • StumbleUpon
  • del.icio.us
  • Facebook
  • Yahoo! Buzz
  • Twitter
  • Google Bookmarks