Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

New worm in wild! Morto targets port 3389

Notifications for Security Updates, as well as News and Information from across the web - mostly security minded.

Update Contributors: Members of the Malware Removal University.

Regular Members: Our Regular Members are invited to start and/or participate in all other topics. Join in and share the news that's important to you.

New worm in wild! Morto targets port 3389

Unread postby Sludge3000 » August 29th, 2011, 1:58 am

It’s retro day in the world of Internet security, with an Internet worm dubbed “Morto” spreading via the Windows Remote Desktop Protocol (RDP).

F-Secure is reporting that the worm is behind a spike in traffic on Port 3389/TCP. Once it’s entered a network, the worm starts scanning for machines that have RDP enabled. Vulnerable machines get Morto copied to their local drives as a DLL, a.dll, which creates other files detailed in the F-Secure post.


Story @ The Register
Brief report @ F-Secure

UPDATE:
Analysis by MMPC lists files and registry entries created, processes killed and details of known C&C servers. NB: The first IP address listed should be .82 in the last octet.
Last edited by Sludge3000 on August 29th, 2011, 3:52 pm, edited 1 time in total.
User avatar
Sludge3000
Regular Member
 
Posts: 695
Joined: April 15th, 2009, 3:47 pm
Location: Somewhere fluffy
Advertisement
Register to Remove

Re: New worm in wild! Morto targets port 3389

Unread postby Sludge3000 » August 29th, 2011, 1:58 am

ZB
User avatar
Sludge3000
Regular Member
 
Posts: 695
Joined: April 15th, 2009, 3:47 pm
Location: Somewhere fluffy


Return to News Desk



Who is online

Users browsing this forum: No registered users and 15 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware