"Death Worm"
It's the 90s all over again as a 'death worm' (Morto Worm) is squirming through the internet knocking on RDP ports (3389/TCP). In this day and age an attack as simplistic as this one, it replies on brute forcing admin accounts from a predefined username password list, shouldn't be able to infect any corporate machine....right?
Microsoft have some more info on this retro attack, including listing the usernames it attacks:
1
actuser
adm
admin
admin2
administrator
aspnet
backup
computer
console
david
guest
john
owner
root
server
sql
support
support_388945a0
sys
test2
test3
user
user1
user5
...and the passwords:
*1234
0
111
123
369
1111
12345
111111
123123
123321
123456
168168
520520
654321
666666
888888
1234567
12345678
123456789
1234567890
!@#$%^
%u%
%u%12
1234qwer
1q2w3e
1qaz2wsx
aaa
abc123
abcd1234
admin
admin123
letmein
pass
password
server
test
user
If you are using any of those passwords (especially on Windows boxes), change them immediately and go sit in the naughty corner for half an hour.
0 Response to ""Death Worm""
Post a Comment