Imperva ADC dissects the Morto worm

(PresseBox) - 11 - Tomer Bitton, Independent Reverse Engineer at Imperva's Application Defense Center (ADC) has updated the Imperva Blog by dissecting the Morto worm.
MORTO Post Mortem: Dissecting a Worm: http://blog.imperva.com/2011/09/morto-post-mortem-a-worm-deep-dive.html
"Morto has been in the headlines, for good reason. This worm is unique as it exploits Microsoft's remote desktop protocol (RDP). It doesn't exploit any specific vulnerability, it simply relies on people installing the worm and then it uses a brute force password attack to gain access to systems. It is the first time we've seen something like this. The malware itself is sophisticated even if the method of proliferation isn't.
Once again, we have an example highlighting the importance of good passwords. Blocking the spread of this worm relies on using a sophisticated password that isn't on the worm's dictionary list. Tomer's malware dissection shows the 103 passwords that made Morto's dictionary, including complicated, sneaky ones like '111111', 'david', 'admin2', '123456' and -shockingly -'rockyou'. Nearly two years after being published, the RockYou password list continues to be used by hackers in brute force password dictionaries.
One thing we determined from looking at the worm was origin. Looking at DNS information, the worm seems to have originated from China, Hong Kong and Australia."
Follow the Imperva blog for the full story complete with graphics, including a never-seen-before spreading vector, Remote Desktop Protocol (RDP).

Unternehmensinformation / Kurzprofil:
Bereitgestellt von Benutzer: PresseBox
Datum: 08.09.2011 - 13:32 Uhr
Sprache: Deutsch
News-ID 62723
Anzahl Zeichen: 1632

contact information:
Town:

Redwood Shores

Kategorie:

Hazadous Materials Management

Diese Pressemitteilung wurde bisher 275 mal aufgerufen.


Die Pressemitteilung mit dem Titel:
"Imperva ADC dissects the Morto worm"
steht unter der journalistisch-redaktionellen Verantwortung von

Imperva Inc. (Nachricht senden)

Beachten Sie bitte die weiteren Informationen zum Haftungsauschluß (gemäß TMG - TeleMedianGesetz) und dem Datenschutz (gemäß der DSGVO).

Imperva analysis of why writing is on the wall for SHA1 encryption ...

12 - In recent reports it has been found that SHA1, a widely used cryptographic algorithm used to secure sensitive websites, software, and corporate servers is weak enough that well-financed criminals could crack it in the next six years. Bel ...

Imperva Introduces SharePoint Security Capabilities to Secure Against Web Attack ...

12 - Imperva, Inc. (NYSE: IMPV), a pioneer and leader of a new category of data security solutions for high-value business data in the data center, today announced SecureSphere for SharePoint 9.5, enhancing compromised insider protection, and automat ...

Imperva Report Details Automated Web Application Attacks ...

12 - Imperva, Inc. (NYSE: IMPV), a pioneer and leader of a new category of data security solutions for high-value business data in the data center, today released its April Hacker Intelligence Report Automation of Attacks, which analyzes how and why ...

Alle Meldungen von Imperva Inc.