- Discovered: August 28, 2011
- Updated: August 29, 2011 8:41:16 AM
- Also Known As: Win32/Morto.A [Microsoft], W32/Morto.A [F-Secure], Mal/Morto-A [Sophos], WORM_MORTO.SMA [Trend], WORM_MORTO.SM [Trend], Net-Worm.Win32.Morto.c [Kaspersky]
- Type: Worm
- Infection Length: 50,372 bytes
- Systems Affected: Windows 2000, Windows 7, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Server 2008, Windows Vista, Windows XP
W32.Morto is a worm that attempts to spread using the Remote Desktop Protocol.
For more information, please see the following resource:
Morto worm sets a (DNS) record
Antivirus Protection Dates
- Initial Rapid Release version: August 28, 2011 revision 032
- Latest Rapid Release version: February 19, 2013 revision 016
- Initial Daily Certified version: August 29, 2011 revision 002
- Latest Daily Certified version: June 18, 2012 revision 002
- Initial Weekly Certified release date: August 31, 2011
Threat Assessment
Wild
- Wild Level: Low
- Number of Infections: 0 - 49
- Number of Sites: 0 - 2
- Geographical Distribution: Low
- Threat Containment: Easy
- Removal: Easy
Damage
- Damage Level: Medium
- Modifies Files: Replaces the %System%\sens.dll file with a copy of itself.
- Compromises Security Settings: Attempts to end certain security processes.
Distribution
- Distribution Level: Medium
- Target of Infection: Attempts to spread through RDP.
Writeup By: Jeet Morparia and Takashi Katsuki