Morto – Remote Desktop Protocol (RDP) Worm Alert

A new computer worm called “Morto” is infecting Windows computer systems via the Remote Desktop Protocol (RDP) by exploiting weak system passwords.

Does this affect you?
If you use Remote Desktop Protocol to connect to any remote network or server, then potentially yes, it does.

How can you reduce the risk of being affected by this?
Using strong passwords (i.e. passwords that are typically over 8 characters long and contain a mix of alphanumeric characters, upper and lower case, and symbols) will reduce the chance of your password being guessed by an intruder or malware.
Minimising the number of accounts that have RDP permission will give intruders fewer accounts to hack.

A good way to remove the need for an Internet-facing, RDP-accessible account altogether is to implement a VPN (Virtual Private Network) system to securely connect to your network from remote locations.
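To act on the advice about minimising accounts with RDP permission, the following audit is an added example, not part of the original alert. It reports whether RDP is enabled on the local machine, lists the members of the two built-in groups that can log on over RDP by default, and shows the state of the built-in Administrator account. It assumes Windows PowerShell 5.1 or later, run as administrator.

```powershell
# Added example: audit RDP exposure on the local machine.
# Assumes an elevated Windows PowerShell 5.1+ session.

$tsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'

# fDenyTSConnections = 0 means Remote Desktop connections are allowed.
$deny = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections).fDenyTSConnections
$rdpEnabled = ($deny -eq 0)
Write-Output ("RDP enabled: {0}" -f $rdpEnabled)

if ($rdpEnabled) {
    # By default, members of these two built-in groups may log on over RDP.
    # Well-known SIDs are used so the check also works on non-English Windows.
    $groups = @{
        'Administrators'       = 'S-1-5-32-544'
        'Remote Desktop Users' = 'S-1-5-32-555'
    }

    $members = foreach ($g in $groups.GetEnumerator()) {
        Get-LocalGroupMember -SID $g.Value -ErrorAction SilentlyContinue |
            Select-Object @{ n = 'Group'; e = { $g.Key } }, Name, ObjectClass, PrincipalSource
    }

    Write-Output "Accounts that can log on over RDP by default:"
    $members | Sort-Object Group, Name | Format-Table -AutoSize

    # The built-in Administrator account always has a SID ending in -500,
    # even if it has been renamed.
    $builtinAdmin = Get-LocalUser | Where-Object { $_.SID.Value -match '-500$' }
    Write-Output "Built-in Administrator account:"
    $builtinAdmin | Select-Object Name, Enabled, PasswordLastSet | Format-List

    if ($builtinAdmin.Enabled) {
        Write-Warning "Built-in Administrator is enabled while RDP is on: confirm it has a strong password."
    }
}
```

Any account in the output that does not need remote access is a candidate for removal from the group.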

What happens if I get compromised?
Aside from adding the compromised machine to a botnet, an attacker could potentially have total control over the target machine and access to other network devices and data stores.

Further information:
To be vulnerable, the target system needs to have the RDP service enabled and the Windows administrator account configured to use a weak password such as “123”, “letmein” or “password”. The SANS Internet Storm Center has noticed a large spike in the volume of RDP scan traffic. Microsoft has released details about the worm with a severity level rated as severe, its highest alert level.