A retro worm attack is underway that takes the unusual spin of employing the Remote Desktop Protocol (RDP) in Windows’ remote desktop connection feature as its attack vector.
Researchers from Microsoft, F-Secure, eEye Digital Security, and other organizations say the so-called Morto worm infects Windows workstations and Windows servers. It spreads by uploading a Windows DLL file to a targeted machine. The worm looks for weak administrator passwords in Remote Desktop on an organization’s network — everything from “12345” to “admin” and “password.”
Researchers say the attack could be used for various purposes, including distributed denial-of-service (DDoS) attacks against targeted organizations. “The remote control feature allows bot-like control of the infected machines and they can be used for basically any purpose,” says Mikko Hypponen, chief research officer of F-Secure Lab.