RDP Virus

ddrueding · Aug 28, 2011

https://threatpost.com/en_us/blogs/new-worm-morto-using-rdp-infect-windows-pcs-082811

Seems to only be a dictionary attack against the default port (3389). So have good passwords and don't use the default port.

The port can be changed in the registry here:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\TerminalServer\WinStations\RDP-Tcp\PortNumber

Stereodude · Aug 28, 2011

Lovely... I only have one PC that's internet accessible with RDP, but it was on the default port. The password is definitely not going to be broken with a dictionary attack, but I've changed the port from the default none the less.

ddrueding · Aug 28, 2011

The attacks that favor servers are always more brutal IMHO. Mainly because these machines are usually always-on and can be attached to massive pipes.

Mercutio · Aug 29, 2011

It would be relatively trivial to add a port scan to such an attack to find the RDP port. It's really not worth the hassle to move it. You're better off not exposing RDP externally in the first place, but that can be an issue if you have some obnoxious client that can't handle the VPN protocols available with whatever end-point you're using.

But the strong passwords thing still holds, obviously.

Howell · Aug 29, 2011

If you front your TS connections with a TS Gateway server you will also not have a problem. Not only is it more informtion you have to know but only 443 is exposed.

Mercutio · Aug 29, 2011

In the history of ever and for all my clients, I still only have six Server 2008 machines in production. At least one machine I'll have to update this year will probably still be Server 2003, though I'm going to try to get away with virtualizing it one way or the other.

Howell · Aug 29, 2011

FYI, you can front 2003 boxes with a 2008 gateway.

Mercutio · Aug 29, 2011

The problem is, no one really wants Server 2008.

ddrueding · Aug 29, 2011

I'm perfectly happy with 2008, and am updating all the servers as the underlying software is updated. I still need to figure out how to set up a RDP gateway.

Mercutio · Aug 29, 2011

My customers have the same issues with 2008 as they do with Vista/Win7, which is that some of their stuff doesn't run for one reason or other.

ddrueding · Aug 29, 2011

I'm just upgrading as I go. The first one was a requirement of a vendor, and now 2008 is the default.

RDP Virus

ddrueding

Fixture

Stereodude

Not really a

ddrueding

Fixture

Mercutio

Fatwah on Western Digital

Howell

Storage? I am Storage!

Mercutio

Fatwah on Western Digital

Howell

Storage? I am Storage!

Mercutio

Fatwah on Western Digital

ddrueding

Fixture

Mercutio

Fatwah on Western Digital

ddrueding

Fixture