Recommended Actions for Morto

Best practices, which can mitigate the spread of this worm:

* Limit access to RDP from public Internet sources.
* Limit access to RDP from internal sources where possible.
* Ensure strong passwords are in use, especially for administrative accounts.
* Limit administrative access via RDP.
* Monitor for inbound RDP activity that may be indicative of attempted compromise.
* Monitor for outbound RDP activity that may be indicative of active infections.
* Monitor for outbound communications to known Command and Control servers and domains.

@ GANSEC

Cheers,
0xN41K

On Sep 12, 10:39 am, Srinivas Naik <[email protected]> wrote:
> Hi G33Ks,
>
> A worm using RDP in Windows is massively spreading. It's named as "Morto".
>
> Reference: http://www.f-secure.com/weblog/archives/00002227.html
>
> Now, we can detect this using NMAP: http://nmap.org/ncrack/
>
> Also find list of usernames/passwords it's trying to use for connectivity.
> :)
>
> Keep ensured .......
>
> Cheers,
> 0xN41K
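
Added example, not part of the original messages: one way to act on the two RDP monitoring items in the list above, flagging internal hosts that open RDP connections to many distinct destinations in a short window and listing inbound RDP from non-internal sources. The flow record format, the internal range, the threshold and the window are all assumptions, and the sample records are constructed.

```python
import ipaddress
from collections import defaultdict

RDP_PORT = 3389
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # assumed internal range
FANOUT_THRESHOLD = 5   # assumed: distinct RDP destinations per window
WINDOW_SECONDS = 60    # assumed tuning value

# Constructed sample flow records: "epoch_seconds src_ip dst_ip dst_port"
SAMPLE_FLOWS = """\
1000 10.0.0.21 10.0.0.30 3389
1005 10.0.0.21 10.0.0.31 3389
1010 10.0.0.21 10.0.0.32 3389
1015 10.0.0.21 198.51.100.7 3389
1020 10.0.0.21 198.51.100.8 3389
1030 10.0.0.44 10.0.0.30 3389
1040 203.0.113.9 10.0.0.30 3389
1050 10.0.0.44 10.0.0.30 443
"""

def is_internal(ip):
    return any(ipaddress.ip_address(ip) in net for net in INTERNAL_NETS)

def parse_flows(text):
    for line in text.splitlines():
        if line.strip():
            ts, src, dst, port = line.split()
            yield int(ts), src, dst, int(port)

def analyse(text, threshold=FANOUT_THRESHOLD, window=WINDOW_SECONDS):
    """Return (internal hosts fanning out over RDP, inbound public RDP pairs)."""
    by_src = defaultdict(list)   # internal source -> [(timestamp, destination)]
    inbound_public = set()       # (non-internal source, internal destination)
    for ts, src, dst, port in parse_flows(text):
        if port != RDP_PORT:
            continue
        if is_internal(src):
            by_src[src].append((ts, dst))
        elif is_internal(dst):
            inbound_public.add((src, dst))
    scanning = set()
    for src, events in by_src.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            # Distinct destinations contacted within `window` seconds of this flow
            dsts = {d for t, d in events[i:] if t - start <= window}
            if len(dsts) >= threshold:
                scanning.add(src)
                break
    return scanning, inbound_public
```

Calling `analyse(SAMPLE_FLOWS)` returns the fan-out hosts and the inbound pairs as two sets; tune the threshold against normal administrative RDP use before alerting on it.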
