Irregular Expressions

Aug 29 2011   8:22PM GMT

RDP Worm

Dan O'Connor Dan O'Connor Profile: Dan O'Connor

I was toying with something like this a while ago, I was playing with the idea of being able to do this from a *nix box for VA purposes (With out the gui part, I just wanted a yes or no back).

http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Worm%3AWin32%2FMorto.A

http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Worm%3aWin32%2fMorto.gen!A

It’s current state should not get many hosts, the list of passwords is limited.

*1234
0
111
123
369
1111
12345
111111
123123
123321
123456
168168
520520
654321
666666
888888
1234567
12345678
123456789
1234567890
!@#$%^
%u%
%u%12
1234qwer
1q2w3e
1qaz2wsx
aaa
abc123
abcd1234
admin
admin123
letmein
pass
password
server
test
user

Here is a list of hosts it will attempt to contact for updates.

210.3.38.82 
jifr.info 
jifr.co.cc 
jifr.co.be 
qfsl.net 
qfsl.co.cc 
qfsl.co.be 

Always check your firewall logs just to be safe.

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: