(LiveHacking.Com) – Microsoft has published details of a worm called Morto which attempts to break into remote servers which use the Windows Remote Desktop. The worm attempts to compromise the systems by exploiting weak administrator passwords. Once a new system is compromised, it connects to a remote server in order to download additional information and update its components. It also terminates processes for locally running security applications in order to ensure its activity continues uninterrupted.
As with all accounts (both local and remote) it is essential for users and system administrators to set strong passwords. According to Microsoft the worm tries the following passwords:
Microsoft are reporting that although the overall numbers of computers reporting detections are low in comparison to more established malware families, the traffic it generates is noticeable.