Worm:Win32/Morto.B
First posted on 28 September 2011.
Source: SecurityHome
Aliases:
Worm:Win32/Morto.B is also known as Backdoor/Win32/Morto (AhnLab), Trojan horse Small.CTF (AVG), W32/Morto (McAfee).
Explanation:
Worm:Win32/Morto.B is an encrypted form of Worm:Win32/Morto.A, a worm that allows unauthorized access to an affected computer. It spreads by trying to compromise administrator passwords for Remote Desktop connections on a network.
Worm:Win32/Morto.B is installed by other malware, and the following files may be present as part of its installation:
- %windows%\temp\ntshrui.dll
- <system folder>\sens32.dll
- c:\windows\offline web pages\cache.txt
As with Worm:Win32/Morto.A, this malware reads payload information from the registry key HKLM\SYSTEM\WPA\md that was also created by the worm dropper.
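A host triage check for the files and registry location listed above, as an added example that is not part of the original entry. The function name Get-MortoBArtifact is hypothetical, and the mapping of %windows% to $env:windir and of <system folder> to System32 (with SysWOW64 also checked) is an assumption.

```powershell
# Added triage example (not from the original entry).
# Assumptions: %windows% = $env:windir; <system folder> = System32
# (SysWOW64 is also checked in case the DLL is 32-bit on a 64-bit host).
function Get-MortoBArtifact {
    [CmdletBinding()]
    param(
        [string]$WindowsDir     = $env:windir,
        [string]$RegistryParent = 'HKLM:\SYSTEM\WPA',
        [string]$RegistryName   = 'md'
    )

    $candidates = @(
        (Join-Path $WindowsDir 'temp\ntshrui.dll'),
        (Join-Path $WindowsDir 'System32\sens32.dll'),
        (Join-Path $WindowsDir 'SysWOW64\sens32.dll'),
        'C:\windows\offline web pages\cache.txt'
    )
    foreach ($path in $candidates) {
        # -Force so hidden or system-attributed files are still found
        $file = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
        if (-not $file) { continue }
        $hash = Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Type     = 'File'
            Location = $file.FullName
            Detail   = 'Size={0}; CreatedUtc={1:s}; SHA256={2}' -f $file.Length, $file.CreationTimeUtc, $hash.Hash
        }
    }

    # The entry calls "md" a registry key; report it whether it exists
    # as a subkey or as a named value under the parent key.
    $subKey = Join-Path $RegistryParent $RegistryName
    if (Test-Path -LiteralPath $subKey) {
        [pscustomobject]@{ Type = 'RegistryKey'; Location = $subKey; Detail = 'subkey present' }
    }
    $parent = Get-Item -LiteralPath $RegistryParent -ErrorAction SilentlyContinue
    if ($parent -and ($parent.GetValueNames() -contains $RegistryName)) {
        $kind = $parent.GetValueKind($RegistryName)
        $data = $parent.GetValue($RegistryName)
        $size = if ($data -is [byte[]]) { $data.Length } else { "$data".Length }
        [pscustomobject]@{
            Type     = 'RegistryValue'
            Location = "$RegistryParent\$RegistryName"
            Detail   = "Kind=$kind; Length=$size"
        }
    }
}

Get-MortoBArtifact | Format-Table -AutoSize -Wrap
```

An empty result does not clear the host, since the entry says only that these files may be present; any hit is a lead for further analysis, with the SHA256 and creation time recorded for that purpose.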
For more information about this worm, see the description for Worm:Win32/Morto.A elsewhere in the encyclopedia.
Analysis by Vincent Tiu
Last update 28 September 2011