Alerts

Voldemort

New worm Morto infections ramp back up

 

The recent discovery of Morto.A and Morto.B worms shows, once again, that old school tips and tricks are doing fine and keep on being quite productive. The Morto family’s purpose is to cripple your system, paralyze your traffic and, ultimately, allow a remote attacker to take control of the machine.

After Morto penetrates a computer, it starts checking for any other machine in the network with a Remote Desktop Connection enabled, creating a huge amount of traffic over port 3389. If Morto discovers an RDC, it attempts to establish a connection through brute force and replicate itself on the machine it has breached.

The nasty part is that, once it succeeds, it terminates several antimalware product processes, leaving the infected machine completely defenseless. Moreover, it connects to remote hosts for updates and awaits instructions to trigger denials of service on specific targets.

Most interesting, however, is the pace of Morto’s spread in recent days. According to statistics, it looks like Morto.B infections dramatically dropped on September 3rd. After anascending curve in the first two days of September, most likely because of its public disclosure, Morto.B fell by 1736.09 percent when compared to its status on the first autumn day. The 4th, 5th and 6th day of this month marked the first recovery after its sudden decline, Morto.B gaining back a bit more than one third (901.18 percent) of the machines it lost in the previous days. It is quite probable that its rise will continue in coming days as the worm takes advantage of the unpatched and unprotected systems out there.

As the digital Expelliarmus works both ways, I suggest you install a reliable antimalware solution in order to protect your system. You wouldn’t want Morto’s Avada Kedavra curse on your machine, trust me!

One more thing: please allow me to express my gratitude towards my colleague from Antimalware Lab, Ioan-Alexandru Baetu, who generously and patiently helped me getting the wizardly statistical data.

Safe surfing everybody!

 

All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.

 

ENDS

About the author

Răzvan LIVINTZ

With a humanities passion and background (BA and MA in Comparative Literature at the Faculty of Letters, University of Bucharest) - complemented by an avid interest for the IT world and its stunning evolution, I joined in the autumn of 2003 the chief editors' team from Niculescu Publishing House, as IT&C Chief Editor, where (among many other things) I coordinated the Romanian version of the well-known SAMS Teach Yourself in 24 Hours series. In 2005 I accepted two new challenges and became Junior Lecturer at the Faculty of Letters (to quote U2 - "A Sort of Homecoming") and Lead Technical Writer at BluePhoenix Solutions.

After leaving from BluePhoenix in 2008, I rediscovered "all that technical jazz" with the E-Threat Analysis and Communication Team at BitDefender, the creator of one of the industry's fastest and most effective lines of internationally certified security software. Here I produce a wide range of IT&C security-related content, from malware, spam and phishing alerts to technical whitepapers and press releases. Every now and then, I enjoy scrutinizing the convolutions of e-criminals' "not-so-beautiful mind" and, in counterpart, the new defensive trends throughout posts on www.hotforsecurity.com.

Balancing the keen and until late in night (please read "early morning") reading (fiction and comparative literature studies mostly) with Internet "addiction", the genuine zeal for my bright and fervid students with the craze for the latest discoveries in science and technology, I also enjoy taking not very usual pictures (I'm not a pro, but if you want to see the world through my lenses, here are some samples http://martzipan.blogspot.com), messing around with DTP programs to put out some nifty book layouts and wacky t-shirts, roaming the world (I can hardly wait to come back in the Big Apple), and last but not least, driving my small Korean car throughout the intricacies of our metropolis's traffic.