In this day and age, online security is a matter of concern all over the world. In fact, according to David DeWalt, CEO of anti-virus vendor McAfee Inc., cyber crime has become a $105 billion business and is attracting more criminals than the illicit drug business. Every day, new malicious content such as worms and virus-laden applets is developed and released over the Internet.
Recently, security companies have reported a new worm that repeatedly tries to break into weakly secured servers. The worm is said to use Remote Desktop Protocol (RDP) connections from PCs connected to a single network in order to crack logins.
This worm is named Morto by Microsoft and Troj/Agent-TEE by Sophos. Morto is strikingly straightforward in how it looks for potential victim servers. When this hard-to-detect worm manages to enter a system or server, it saves itself in the Windows svchost.exe file and then initiates an RDP connection on port 3389. It goes through all the IP addresses it can find and tries connecting to them using a simple, pre-defined list of possible passwords. When an attempt works, Morto copies itself to the system and tries to gain Administrator access in order to download further applets containing malicious code. Morto succeeds only when a server has too weak a password.
However, the worm has a weakness of its own: it tries to shut down particular antivirus programs running in the background. Most antivirus programs are designed to defend against such activity, so the attempt brings the worm to the attention of the antivirus software as well as the user.
To safeguard systems against such a worm, corporations and businesses are advised to implement strong passwords, and regular password changes should be a mandatory policy. They should also have a strong defense mechanism in place, combining up-to-date antivirus software and firewalls, to deal with such threats.
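The behaviour described above, one machine opening RDP connections on port 3389 to every address it can find, stands out in firewall or flow logs. The following detection sketch is an added example, not part of the original article; the log format, the time window and the threshold are assumptions, and the sample records are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

RDP_PORT = 3389
WINDOW = timedelta(minutes=5)   # assumed look-back window
FANOUT_THRESHOLD = 5            # assumed: distinct RDP targets per window

# Constructed sample records in an assumed format:
# "<ISO time> <source ip> <destination ip> <destination port>"
SAMPLE_LOG = "\n".join(
    # one host sweeping six neighbours on 3389 within seconds
    [f"2024-01-01T10:00:{i:02d} 10.0.0.23 10.0.0.{i} 3389" for i in range(1, 7)]
    # an administrator reconnecting to a single server
    + [f"2024-01-01T10:01:{i:02d} 10.0.0.40 10.0.0.5 3389" for i in range(3)]
    # five different servers, but one per hour
    + [f"2024-01-01T{10 + i}:30:00 10.0.0.51 10.0.0.{60 + i} 3389" for i in range(5)]
    + ["2024-01-01T10:00:09 10.0.0.23 10.0.0.9 443", "garbage line"]
)

def rdp_fanout_suspects(log_text, window=WINDOW, threshold=FANOUT_THRESHOLD):
    """Map each source to its peak count of distinct RDP destinations inside
    any single window, keeping only sources at or above the threshold."""
    by_source = defaultdict(list)
    for line in log_text.splitlines():
        try:
            ts, src, dst, port = line.split()
            record = (datetime.fromisoformat(ts), dst)
            port = int(port)
        except ValueError:
            continue                      # skip malformed records
        if port == RDP_PORT:
            by_source[src].append(record)

    suspects = {}
    for src, conns in by_source.items():
        conns.sort()
        start = peak = 0
        for end in range(len(conns)):
            # shrink the window until it spans at most `window` of time
            while conns[end][0] - conns[start][0] > window:
                start += 1
            peak = max(peak, len({dst for _, dst in conns[start:end + 1]}))
        if peak >= threshold:
            suspects[src] = peak
    return suspects

if __name__ == "__main__":
    print(rdp_fanout_suspects(SAMPLE_LOG))
```

On the constructed sample only 10.0.0.23 is reported; the administrator and the slow, hourly connections stay below the threshold.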