Windows worm hacks 'easy' work passwords
By Ashley Curtis
30/08/2011
Workers should be ready to change their work passwords if a prevalent computer worm hits company networks.
The worm, dubbed 'Morto', by Microsoft and other security firms, has been labelled as a threat to firms who don't have adequate password protection.
In order to locate any connection to a company network, systems management software can target any recent unexplained connections - a symptom of the worm, according to Computer World - and lock them down.
Morto spreads using RDP (Remote Desktop Protocol) software to control one computer by connecting to it from another. These infected PCs then scan the network for other machines and try to log into the remote desktop software using a set-list of common passwords like 'abc123' or '123456'.
Other passwords on the list include admin, test, password, user, server and 1234567890, reports eWeek.
If one of the passwords work, the worm then downloads additional malware to the system and attempts to neutralise security software to remain hidden.
Hil Gradasevic, a researcher with the Microsoft Malware Protection Centre, highlights the importance of changing passwords: "This particular worm highlights the importance of setting strong system passwords. The ability of attackers to exploit weak passwords shouldn't be underestimated.
"Although the overall numbers of computers reporting detections are low in comparison to more established malware families, the traffic it generates is noticeable," he adds.
