Currently, this malicious worm can infect both Windows-based workstations and servers. It has been reported to generate a large amount of network traffic through the RDP (Remote Desktop Protocol) port.
2. Spreading path and symptoms of infection
This malicious worm spreads through RDP, as mentioned above, and tries to establish remote connections using exposed or simple administrator passwords. In this process, it can damage the new system or download and execute additional malicious files. Furthermore, it generates a lot of traffic on a specific port (3389/TCP) while making network connections.
Once a computer is infected by "Morto", it scans the local network's RDP port for remote connections. Then, while the victim computer is connected to by the remote system, the remote PC copies itself to a certain drive on the victim after the file sharing function has been activated.
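The scanning described above appears on the network as one internal host contacting many distinct destinations on 3389/TCP within a short time. The following detection sketch is an added example, not part of the original advisory; the flow-record format, addresses, time window and threshold are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

RDP_PORT = 3389
WINDOW = timedelta(seconds=60)  # assumed look-back window
THRESHOLD = 5                   # assumed: distinct RDP targets per window

# Constructed sample flow records: "timestamp src_ip dst_ip dst_port"
SAMPLE_FLOWS = """\
2024-01-01T10:00:01 10.0.0.23 10.0.0.1 3389
2024-01-01T10:00:02 10.0.0.23 10.0.0.2 3389
2024-01-01T10:00:03 10.0.0.40 10.0.0.5 3389
2024-01-01T10:00:04 10.0.0.23 10.0.0.3 3389
2024-01-01T10:00:05 10.0.0.50 10.0.0.1 445
2024-01-01T10:00:06 10.0.0.23 10.0.0.4 3389
2024-01-01T10:00:07 10.0.0.50 10.0.0.2 445
2024-01-01T10:00:08 10.0.0.23 10.0.0.5 3389
2024-01-01T10:00:09 10.0.0.40 10.0.0.5 3389
2024-01-01T10:00:10 10.0.0.23 10.0.0.6 3389
2024-01-01T10:05:00 10.0.0.60 10.0.0.1 3389
2024-01-01T10:10:00 10.0.0.60 10.0.0.2 3389
2024-01-01T10:15:00 10.0.0.60 10.0.0.3 3389
2024-01-01T10:20:00 10.0.0.60 10.0.0.4 3389
2024-01-01T10:25:00 10.0.0.60 10.0.0.5 3389
"""

def parse(line):
    """Split one flow record into (timestamp, src, dst, port)."""
    ts, src, dst, port = line.split()
    return datetime.fromisoformat(ts), src, dst, int(port)

def find_rdp_scanners(lines, window=WINDOW, threshold=THRESHOLD):
    """Return {src_ip: peak count of distinct RDP destinations in any
    sliding window} for sources whose peak reaches `threshold`."""
    recent = defaultdict(deque)  # src -> (timestamp, dst) pairs still in window
    peak = defaultdict(int)
    for ts, src, dst, port in sorted(parse(l) for l in lines if l.strip()):
        if port != RDP_PORT:
            continue             # only RDP connection attempts matter here
        q = recent[src]
        q.append((ts, dst))
        while ts - q[0][0] > window:
            q.popleft()          # drop attempts older than the window
        peak[src] = max(peak[src], len({d for _, d in q}))
    return {s: n for s, n in peak.items() if n >= threshold}

if __name__ == "__main__":
    print(find_rdp_scanners(SAMPLE_FLOWS.splitlines()))
```

In the sample, only the host that fans out to six RDP targets in ten seconds is reported; the host reconnecting to a single server, the SMB traffic, and the host that reaches five servers over twenty minutes are not.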
The following paths are known destinations of the copied files.
The generated "sens32.dll" file is added as a registry value so that it runs at boot.
The infected PC remains on the subnet and tries to log in to other systems using the following common passwords.
3. How to prevent
To keep your PC safe from the security threats posed by these malicious worms, we recommend following the "Security management tips" for general users.
INCA Internet (Security Response Center / Emergency Response Team) provides diagnosis and treatment functions in "nProtect Anti-Virus/Spyware" for detecting malicious files such as those described above, and runs a response system against various security threats.