W32.Morto

Risk Level 2: Low

Discovered: August 28, 2011
Updated: August 29, 2011 8:41:16 AM
Also Known As: Win32/Morto.A [Microsoft], W32/Morto.A [F-Secure], Mal/Morto-A [Sophos], WORM_MORTO.SMA [Trend], WORM_MORTO.SM [Trend], Net-Worm.Win32.Morto.c [Kaspersky]
Type: Worm
Infection Length: 50,372 bytes
Systems Affected: Windows 2000, Windows 7, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Server 2008, Windows Vista, Windows XP

W32.Morto is a worm that attempts to spread using the Remote Desktop Protocol.

For more information, please see the following resource:
Morto worm sets a (DNS) record

Antivirus Protection Dates

  • Initial Rapid Release version August 28, 2011 revision 032
  • Latest Rapid Release version June 18, 2014 revision 004
  • Initial Daily Certified version August 29, 2011 revision 002
  • Latest Daily Certified version June 18, 2014 revision 016
  • Initial Weekly Certified release date August 31, 2011

Threat Assessment

Wild

  • Wild Level: Low
  • Number of Infections: 0 - 49
  • Number of Sites: 0 - 2
  • Geographical Distribution: Low
  • Threat Containment: Easy
  • Removal: Easy

Damage

  • Damage Level: Medium
  • Modifies Files: Replaces the %System%\sens.dll file with a copy of itself.
  • Compromises Security Settings: Attempts to end certain security processes.

Distribution

  • Distribution Level: Medium
  • Target of Infection: Attempts to spread through RDP.
Writeup By: Jeet Morparia and Takashi Katsuki
