Morto worm burrows into Windows' remote desktop protocol

The Morto worm attempts to compromise RDP connections in order to penetrate remote systems by exploiting weak administrator passwords, Microsoft explained in a blog post.

Once a new system is compromised, the worm connects to a remote server in order to download additional information and update its components. It also terminates processes for locally running security applications in order to ensure its activity continues uninterrupted.

“This particular worm highlights the importance of setting strong system passwords. Using strong passwords can go a long way towards protecting your environment – and the ability of attackers to exploit weak passwords shouldn't be underestimated”, wrote Hil Gradascevic with the Microsoft Malware Protection Center.

Gradascevic explained that a strong password is long and has letters, punctuation, symbols, and numbers; uses at least 14 characters; has a great variety of characters; and uses the entire keyboard.

Microsoft said the overall number of computers reporting detections is low in comparison to more established malware families, but the traffic it generates on port 3389 is noticeable. It said a reboot may be required in order to complete the cleaning process.
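Added example (not from the article or from Microsoft): since the worm's traffic on port 3389 is described as noticeable, one way to surface an infected host is to flag sources that open RDP connections to many distinct destinations within a short window. The flow-record format, the window, the threshold and the sample records are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

RDP_PORT = 3389
WINDOW = timedelta(minutes=5)  # assumed sliding window
THRESHOLD = 5                  # assumed: distinct RDP destinations per window

# Constructed flow records: "timestamp src_ip dst_ip dst_port"
SAMPLE_FLOWS = """\
2011-09-01T10:00:01 10.0.0.15 10.0.0.20 3389
2011-09-01T10:00:03 10.0.0.15 10.0.0.21 3389
2011-09-01T10:00:05 10.0.0.15 10.0.0.22 3389
2011-09-01T10:00:07 10.0.0.15 10.0.0.23 3389
2011-09-01T10:00:09 10.0.0.15 10.0.0.24 3389
2011-09-01T10:00:11 10.0.0.15 10.0.0.25 3389
2011-09-01T10:00:12 10.0.0.15 10.0.0.20 445
2011-09-01T09:00:00 10.0.0.8 10.0.0.50 3389
2011-09-01T09:30:00 10.0.0.8 10.0.0.51 3389
2011-09-01T10:00:00 10.0.0.8 10.0.0.52 3389
2011-09-01T10:30:00 10.0.0.8 10.0.0.53 3389
2011-09-01T11:00:00 10.0.0.8 10.0.0.54 3389
""".splitlines()

def rdp_fanout(lines, window=WINDOW, threshold=THRESHOLD):
    """Return {src: peak distinct RDP destinations in any window} for
    sources whose peak reaches the threshold."""
    per_src = defaultdict(list)
    for line in lines:
        if not line.strip():
            continue
        ts, src, dst, port = line.split()
        if int(port) == RDP_PORT:
            per_src[src].append((datetime.fromisoformat(ts), dst))
    flagged = {}
    for src, events in per_src.items():
        events.sort()
        start, peak = 0, 0
        for end in range(len(events)):
            # Shrink the window until it spans no more than `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            peak = max(peak, len({dst for _, dst in events[start:end + 1]}))
        if peak >= threshold:
            flagged[src] = peak
    return flagged

if __name__ == "__main__":
    print(rdp_fanout(SAMPLE_FLOWS))
```

In the sample, 10.0.0.8 reaches five RDP hosts over two hours, as an administrator might, and stays below the threshold, while 10.0.0.15 reaches six within seconds and is flagged.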
