allen2 Posted August 30, 2011 Posted August 30, 2011 I wasn't infected nor seen any case of infection yet but everyone should be extra-careful as this new worm could spread using hole in rdp.Here is the thread at MS Technet.Description of this worm is there.At this time most antivirus doesn't even detect it (so automatic removal isn't an option).
Tripredacus Posted August 30, 2011 Posted August 30, 2011 Would it be wise to block RDP ports on systems that aren't configured to use it, at least until a common fix is available for this worm?
allen2 Posted August 30, 2011 Author Posted August 30, 2011 Yes it would be very wise to filter at list from source ips and block when not needed.Although MS say it use a dictionary attack on weak passwords, it seems it was able to spread on other system as well.It seems almost every years (or so) a real bad worm spread in august (the only exception is conficker).
Tripredacus Posted August 31, 2011 Posted August 31, 2011 I was reading about this on Sophos, but they seem to be saying there is more talk about this than actual reported infections. Although that may be related to most scanners' inability to detect it.
allen2 Posted August 31, 2011 Author Posted August 31, 2011 Yes that might be true but anyway, being aware of such suspicious behavior might help avoid hours of diagnostic.
ricktendo Posted September 1, 2011 Posted September 1, 2011 (edited) I have a friend who got this recently Edited September 1, 2011 by ricktendo64
Recommended Posts
Please sign in to comment
You will be able to leave a comment after signing in
Sign In Now