Symantec Researcher Detects Fresh Morto Worm Variant

Joji Hamada, a security expert at the security company Symantec, has detected a new variant of the Morto virus, which apparently parses requests via a Chinese-made Internet gaming server, Infosecurity-magazine.com reported on September 21, 2011.

Morto, according to Hamada, first hit the news in August 2011, when it spread through the Windows Remote Desktop Protocol (RDP). No other computer worm had ever used this protocol.

That is not Morto's only unique feature, however. Cathal Mullaney, a colleague of Hamada, found that W32.Morto was also the first to use Domain Name System (DNS) records so that commands could flow to the malware from its controller, Hamada adds.

He continues that ever since Morto was discovered, the worm has been closely watched, along with the commands issued to it via DNS queries. However, there has been no noteworthy activity from the downloaded folders over the 21-day time span, Hamada states.

He also states that the newest variant has the same features as the earliest version of W32.Morto, such as its obfuscation method and its practice of saving data, after encryption, in the registry, but it no longer contains the built-in mechanism for spreading through RDP.

Presently, W32.Morto performs a highly interesting operation: it parses the index pages of a gaming website that displays the online status of server emulators for ZhuXian, a widely played Chinese Internet game, Hamada additionally says. Symantec.com published this on September 19, 2011.

Server emulators are third-party-run servers that provide an environment distinct from the one offered by the game's actual creator. After completing the first parse, Morto requests the next web page in the sequence of parses and searches for the phrase "Please answer the following question" in Chinese.

Once this Chinese text is found, Morto then searches the web page for an online submission form, probably a tactic for bypassing CAPTCHAs.

And though Hamada continues investigating to find out the attack's eventual objective, he concludes that W32.Morto is a unique piece of malware to analyze, while the incentive behind its attack is typically monetary gain.


» SPAMfighter News - 10/1/2011
