New
#1
More RDP Worm Variants?
The ISC (Internet Storm Center, a part of SANS) has this posted as of a today:
With the release of the "Morto" worm last month [1], more attention is being paid to malware scanning for RDP . Today, we had a reader report a possible new version of the Win32/Morto RDP brute forcing worm. The worm was not detected by Anti-Virus, and does not appear to use c:Windows\temp\scvhosts.exe like Morto did. The network traffic appears to be similar to Morto in that it makes many connections from the same source port to the RDP port *3389/tcp.So far this is unconfirmed. If you find this, please contact ISC. See article:
ISC Diary | More RDP Worm Variants?
Regards,
GEWB