Morto Worm Menacing 87 Countries, Relies on Weak RDP Passwords

A new worm that guesses the passwords of servers reachable over Microsoft’s Remote Desktop Protocol (RDP) has been discovered by security firms.

The worm, dubbed Morto by Microsoft, is designed to use RDP connections to try to guess users' logins and passwords.

In light of the new worm, it has been revealed that IT administrators are extremely careless when it comes to setting passwords for servers carrying critical information.

According to reports, Morto, which has been linked to the recent rise in RDP traffic, attempts to log in to servers using a mix of easy-to-guess passwords like "12345," "admin," "password," and "test."

A Microsoft blog post reveals that the worm is affecting users in 87 countries worldwide. The company said that 74 percent of affected machines run Windows XP, while 14 percent run Windows 7. Meanwhile, 10 percent of the affected systems run Microsoft’s Windows Server products.

“It’s important to remember that this malware does not exploit a vulnerability in Remote Desktop Protocol, but instead relies on weak passwords (you can see the passwords used by Morto in our encyclopedia),” Microsoft said.

“If you haven't already, check if these usernames are being used in your environment and change the associated passwords to ones that are strong (and definitely not on the password list),” the company advised.

Below is a snapshot of the detection rate, as shown on the Microsoft blog.