Hi :)
FYI:
QuoteA new worm called Morto has begun making the rounds on the Internet in the last couple of days, infecting machines via RDP (Remote Desktop Protocol). The worm is generating a large amount of outbound RDP traffic on networks that have infected machines, and Morto is capable of compromising both servers and workstations running Windows.
Please read on here: http://threatpost.com/en_us/blogs/new-worm-morto-using-rdp-infect-windows-pcs-082811 (http://threatpost.com/en_us/blogs/new-worm-morto-using-rdp-infect-windows-pcs-082811)
Related links:
http://social.technet.microsoft.com/Forums/en-US/winserversecurity/thread/31cf740c-818c-4863-8df9-0d9a1d6de6fc (http://social.technet.microsoft.com/Forums/en-US/winserversecurity/thread/31cf740c-818c-4863-8df9-0d9a1d6de6fc)
http://www.f-secure.com/weblog/archives/00002227.html (http://www.f-secure.com/weblog/archives/00002227.html)
Also from Microsoft Malware Protection Center:
New worm targeting weak passwords on Remote Desktop connections (port 3389) (http://blogs.technet.com/b/mmpc/archive/2011/08/28/new-worm-targeting-weak-passwords-on-remote-desktop-connections-port-3389.aspx)
More on Morto (http://blogs.technet.com/b/mmpc/archive/2011/08/29/more-on-morto.aspx)
Test the passwords you use at Password Checker (https://www.microsoft.com/security/pc-security/password-checker.aspx) or http://www.passwordmeter.com/ .
The "Technical Information" tab of Encyclopedia entry: Worm:Win32/Morto.A (http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Worm:Win32/Morto.A) includes a list of usernames and passwords that Morto is checking.