Windows worm 'Morto' propagates through an unlikely channel

A malicious new worm is infecting Windows-based computers, according to top online security companies. Classified as "Morto" - which means death - it can muck up the works of networked PCs. But are everyday web denizens likely to be affected?

F-Secure posted the discovery of Morto at its blog on Sunday. Mikko Hypponen, Chief Research Officer, was surprised by the nature of the new malware.

"We don't see that many Internet worms these days," wrote Hypponen. "It's mostly just bots and trojans."

Morto uses Windows' Remote Desktop Protocol (RDP) to spread from computer to computer across a network, explained Hypponen, who added that this particular infection method is new. Its success hinges on cracking weak passwords, which it attempts by brute force upon infiltration.

"Once a machine gets infected, the Morto worm starts scanning the local network for machines that have Remote Desktop Connection enabled. This creates a lot of traffic for...the RDP port," said Hypponen. "When Morto finds a Remote Desktop server, it tries logging in as Administrator and tries a series of passwords."
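The scanning described in that quote, one infected machine contacting many others on the RDP port, appears in network flow logs as fan-out from a single source. The Python below is an added example, not code from F-Secure or Sophos; the log line format, the 5-minute window and the threshold of 10 targets are assumptions, and the sample flows are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

RDP_PORT = 3389                  # default RDP listener port
WINDOW = timedelta(minutes=5)    # assumed look-back window
FANOUT_THRESHOLD = 10            # assumed: distinct RDP targets per window

def parse_flow(line):
    """Parse 'ISO-timestamp src dst dport' (constructed log format)."""
    ts, src, dst, dport = line.split()
    return datetime.fromisoformat(ts), src, dst, int(dport)

def rdp_fanout_alerts(lines, window=WINDOW, threshold=FANOUT_THRESHOLD):
    """Return {src: peak distinct RDP destinations within one window} for
    sources that reach the threshold. Lines must be in time order."""
    recent = defaultdict(deque)  # src -> (timestamp, dst) pairs still in window
    alerts = {}
    for line in lines:
        ts, src, dst, dport = parse_flow(line)
        if dport != RDP_PORT:
            continue
        q = recent[src]
        q.append((ts, dst))
        while ts - q[0][0] > window:   # expire flows older than the window
            q.popleft()
        distinct = len({d for _, d in q})
        if distinct >= threshold:
            alerts[src] = max(alerts.get(src, 0), distinct)
    return alerts

def build_sample():
    """Constructed flows: one host sweeping a subnet, one admin workstation."""
    base = datetime(2024, 1, 1, 9, 0, 0)
    lines = []
    for i in range(40):   # 10.0.0.23 tries 40 hosts on 3389, 2 s apart
        t = base + timedelta(seconds=2 * i)
        lines.append(f"{t.isoformat()} 10.0.0.23 10.0.0.{100 + i} 3389")
    for i in range(3):    # 10.0.0.5 opens RDP to 3 servers, 20 min apart
        t = base + timedelta(minutes=20 * i)
        lines.append(f"{t.isoformat()} 10.0.0.5 10.0.0.{10 + i} 3389")
        lines.append(f"{t.isoformat()} 10.0.0.5 10.0.0.80 443")
    return sorted(lines)  # fixed-width ISO timestamps sort chronologically

if __name__ == "__main__":
    for src, n in rdp_fanout_alerts(build_sample()).items():
        print(f"{src}: {n} distinct RDP targets within {WINDOW}")
```

The administrator workstation in the sample stays below the threshold because its three RDP sessions fall in separate windows; only the sweeping host is reported.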

An intelligent worm, Morto can render anti-virus processes ineffective by simply turning them off.

While F-Secure noted that Morto was "spreading in the wild," SophosLabs believes otherwise.

"SophosLabs has received a very low number of reports of this worm being seen in the wild," confirmed Paul Baccas, Senior Threat Researcher, at the company's Naked Security blog.

Baccas speculated on just why that is, taking a vague swipe at other security companies in the process.

"Possible reasons for the low number of Morto reports may be that Sophos customers have chosen better passwords on their shares, or because Sophos products had detection relatively early on for this compared to some competitors," said Baccas.

The expert offered proof Sophos had detected Morto late last week, and that other aspects of the worm were discovered earlier this month.

Baccas promised the company would combine all of the above moving forward to better protect against it, and offered some precautionary common-sense advice:

"If your network relies upon poorly chosen passwords such as 'password,' or sequences of letters or repeated numbers then you could be at risk. Therefore, it's not possible to emphasize enough the importance of using sensible passwords on your network."
