Internet Worm in the Wild

Published: 2011-08-29. Last Updated: 2011-08-29 12:53:18 UTC
by Kevin Shortt (Version: 1)
3 comment(s)

Well, the word is out.  Morto, the latest Internet worm has arrived and clearly has been working itself around for a while.  

After reading the write ups available, it would appear for now, that the network flood is the most substantial consequence for any network with infected hosts.    

Prevention looks to be easy.  I would not suspect any of our readers to fall victim to this worm, as it appears to take advantage of systems not complying to best practices.  Though that is not a proven fact yet, so stay vigilant.

The Microsoft Malware Prevention Center has a detailed write up on Morto here. [1]   Check it out and feel free to send us any samples via the contact form here.  

As always give us your comments and provide feedback on what is happening out there.


UPDATE:

Thanks to Don for keeping us up to date. MMPC has a new Morto variant write up. Check it out here. [2]

Keep the intel coming folks.  I'll continue to update as more info becomes available.


 

[1] http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Worm%3AWin32%2FMorto.A
[2] http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Worm%3aWin32%2fMorto.gen!A

 

-Kevin
--
ISC Handler on Duty

 

Keywords: 3389 malware Morto
3 comment(s)

Comments

There's an error in the first IP listed (Remote host contacts) on the MMPC site. Last octet should be 82.

My company, MicroSolved, has released a free cross platform honeypot tool to identify hosts sending connection probes and performing 3389/TCP scanning. You can get it from here: http://stateofsecurity.com/?p=1785. Hope that helps folks.
http://www.invaderzim.tv/char.php?charid=mortos

Mortos der soul-stealer!

Diary Archives