Morto Worm: Stay Alert and Take Precautions Now Warns NetFort

London, UK 03 October 2011: NetFort the provider of network traffic management solutions, today warns businesses that the Morto worm is still a major threat to networks. The worm, which spreads via the Windows Remote Desktop Protocol (RDP) has the power to consume excessive network bandwidth and carry out denial of service attacks. Organisations should take action now if they are not to face serious security breaches in the future.

John Brosnan, CEO of NetFort comments: Malicious worms historically targeted systems that were running software containing some flaw in the system logic, such as a buffer overflow. The Morto worm is different in that it targets systems that are vulnerable because of weak administrator passwords such as letmein or password.

Although the worm does not seem to have caused widespread damage, it is still rated as a severe threat by Microsoft, and organisations should take action to protect themselves. The Morto worm also shuts down security applications running locally, which will leave the network even more vulnerable to other kinds of attack.

Consequently, NetFort recommends three main steps to prevent Morto from causing harm:

1. Every account should have a password, ideally with a minimum length of 16 characters including enforced complexity rules
2. If you have to enable RDP access to a system on your network, ensure that the firewall rule enabling this access is specific to an IP address or at worst a particular subnet. Firewall rules should be continuously monitored so that if the need for the rule is deprecated the rule is removed
3. Monitor your network so that you can detect if hosts on your network are infected and more importantly to identity how infected systems are coming on to your network

By following these steps businesses can not only avoid having passwords hacked and computers becoming infected but also ensure that company PCs are not used to launch denial of service attacks.