Skip to main content

Morto Worm Menacing 87 Countries, Relies on Weak RDP Passwords

A new worm capable of hacking passwords of servers on Microsoft’s Remote Desktop Protocol has been discovered by security firms.

The worm, dubbed Morto by Microsoft, is designed to leverage RDP connections to try and guess passwords and logins of users.

In the light of the new worm, it has been revealed that IT administrators are extremely careless when it comes to setting passwords for servers carrying critical information.

According to reports, Morto, which has been linked to the recent rise in RDP traffic, attempts to log in to servers using a mix of easy to guess passwords like "12345," "admin," "password," and "test,"

Microsoft blog post (opens in new tab) reveals that the worm is affecting users in 87 countries worldwide. The company said that it was affecting 74 percent of affected machines have Windows XP while 14 percent run on Windows 7. Meanwhile, 10 percent of the affected systems run on Microsoft’s Windows Server products.

“It’s important to remember that this malware does not exploit a vulnerability in Remote Desktop Protocol, but instead relies on weak passwords (you can see the passwords used by Morto in our encyclopedia),” Microsoft informed.

“If you haven't already, check if these usernames are being used in your environment and change the associated passwords to ones that are strong (and definitely not on the password list),” the company advised.

Below is a snapshot of the detection rate as on Microsoft Blog (opens in new tab).

Ravi Mandalia

Ravi Mandalla was ITProPortal's Sub Editor (and a contributing writer) for two years from 2011. Based in Ahmedabad, India, Ravi is now the owner and founder of Parity Media Pvt. Ltd., a news and media company, which specializes in online publishing, technology news and analysis, reviews, web site traffic growth, web site UI. Ravi lists his specialist subjects as: Enterprise, IT, Technology, Gadgets, Business, High Net Worth Individuals, Online Publishing, Advertising, Marketing, Social Media, News, Reviews, Audio, Video, and Multi-Media. He has also previously worked as Dy. Manager - IT Security at (n)Code Solutions.