There are media sources cited foreign antivirus manufacturer F-securer Official blog article, said that Windows Remote Desktop Worm Morto is spreading, may allow hackers remote access to computer control rights. Jinshan Poison PA In early August has captured the sample to implement the killing, and built-in black wall can also completely intercept hacker attacks.
According to Jinshan Poison PA safety Engineer, this is called Morto Worm, is a hacker attacks Remote Desktop services, a worm, its behavior is very similar to the Chinese hackers commonly used in 3389 batch of chicken tools. In early August this year, the virus has appeared in China, and Jinshan poison PA also took the lead in implementing the killing.
Figure 1 Jinshan Poison pa Cloud Database search found August 8 can be killing Morto worm virus
"The Morto worm will remotely scan the computer that opened port 3389 (remote service communication port) and guess the administrator weak password." "Jinshan Poison PA Safety engineer said, if the remote computer happened to use a simple easy to guess the password, it will lead to computer hackers remote control, basically the user computer to be manipulated by hackers."
Experts point out that the default Remote Desktop services to open a large number of computers, Remote Desktop Services is an important tool for Windows System Management, system administrators often use Remote Desktop services, remote management of the computer.
Figure 2 effect display for Remote Desktop management
Because the remote service is very powerful, hackers most like to attack on port 3389. The tragedy is that in China there is a large number of pirated organizations issued by the Windows operating system, these systems default administrator password is empty. Such a system, very easy to be invaded.
Jinshan Poison Fighter engineers point out that in order to address these potential security risks. Jinshan Poison PA 2012 built a golden Hill black wall to detect and intercept hackers remote attacks. Statistically, about 10% of computers are routinely scanned by hackers (scans are a prelude to intrusion to detect vulnerabilities that can be compromised). These attacks have been successfully defended by Jinshan anti-black wall, so kingsoft users do not have to worry about the Morto worm virus.