Worm spreads via Windows Remote Desktop
Topic Started: Aug 30 2011, 06:48 PM
Deleted User

Quote:
 
29 August 2011, 14:27
Worm spreads via Windows Remote Desktop

Anti-virus software vendor F-Secure is warning of a piece of malware by the name of Morto, which spreads using Windows' Remote Desktop Server (RDP server). It does not exploit a Windows security vulnerability; instead, it scans IP address ranges for RDP port 3389 and then tries to log in as an administrator to any computers which respond using a list of common passwords.

The worm primarily infects Windows servers, where RDP is frequently activated and accessible via the web to allow remote maintenance. On non-server versions of Windows, RDP server is only included in higher priced versions (Professional and up, under Windows 7) and is deactivated by default. In such a case the port is only accessible from the web if port forwarding has been specifically set up for this port on the router. If port forwarding is not set up, a system will only be accessible from other infected computers on the network.

To infiltrate a system permanently, the worm creates an A:\ drive, which can then be addressed as a network share via RDP. It then saves a file a.dll to the network share; this file then initiates the infection. The worm then goes on to create more files including \windows\system32\sens32.dll and \windows\offline web pages\cache.txt.


More details here - http://www.h-online.com/security/news/item/Worm-spreads-via-Windows-Remote-Desktop-1332673.html
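
The login pattern the quoted article describes (one source repeatedly trying the administrator account over RDP) can be spotted in logon records. The following is an added example, not part of the original post or the quoted article: the CSV record layout, the threshold, the time window and the literal account name "administrator" are assumptions, and the sample records use documentation IP addresses.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records: time, event ID, logon type, source IP, account.
# 4625 = failed logon, 4624 = successful logon (Windows Security log).
# Logon type 10 = RemoteInteractive (RDP); type 3 = network logon, as RDP
# attempts are recorded when Network Level Authentication is enabled.
SAMPLE_EVENTS = """\
2011-08-29T14:00:01,4625,10,203.0.113.7,Administrator
2011-08-29T14:00:03,4625,10,203.0.113.7,Administrator
2011-08-29T14:00:05,4625,10,203.0.113.7,Administrator
2011-08-29T14:00:07,4625,10,203.0.113.7,Administrator
2011-08-29T14:00:09,4625,10,203.0.113.7,Administrator
2011-08-29T14:00:11,4624,10,203.0.113.7,Administrator
2011-08-29T15:10:00,4625,3,198.51.100.20,administrator
2011-08-29T15:10:20,4625,3,198.51.100.20,administrator
2011-08-29T15:10:40,4625,3,198.51.100.20,administrator
2011-08-29T15:11:00,4625,3,198.51.100.20,administrator
2011-08-29T15:11:20,4625,3,198.51.100.20,administrator
2011-08-29T09:00:00,4625,10,192.0.2.10,Administrator
2011-08-29T09:00:30,4624,10,192.0.2.10,Administrator
"""

RDP_LOGON_TYPES = {"3", "10"}

def find_rdp_guessing(text, threshold=5, window=timedelta(minutes=10)):
    """Return {source IP: verdict} for sources that look like password guessing."""
    events = sorted(tuple(f.strip() for f in line.split(","))
                    for line in text.strip().splitlines())
    failures = defaultdict(list)  # source IP -> recent failed admin logon times
    findings = {}
    for ts, event_id, logon_type, src, user in events:
        if logon_type not in RDP_LOGON_TYPES or user.lower() != "administrator":
            continue
        now = datetime.fromisoformat(ts)
        recent = [t for t in failures[src] if now - t <= window]
        if event_id == "4625":
            recent.append(now)
            if len(recent) >= threshold:
                findings.setdefault(src, "guessing")
        elif event_id == "4624" and len(recent) >= threshold:
            findings[src] = "guessing-then-success"  # treat host as compromised
        failures[src] = recent
    return findings

if __name__ == "__main__":
    for src, verdict in find_rdp_guessing(SAMPLE_EVENTS).items():
        print(src, verdict)
```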