Malware Lineup: New Moto Worm Variant; MS-CHAP Exploit Opens Wi-Fi

A new variant of the Morto worm has added file infection capability to its arsenal of weapons. While the original worm was able to compromise remote desktop protocol (RDP) connections by exploiting weak administrator passwords, a researcher with the Microsoft Malware Protection Center explained that the new variant “infects .EXE files found on fixed and removable drives as well as on default RDP and Administrative shares, but avoids infecting files that contain strings like ‘windows’, ‘winnt’, ‘qq’, ‘Outlook’, ‘System Volume Information’ or ‘RECYCLER’ in their path. Morto also leaves an infection marker, ‘PPIF’ in infected files.”   Read more at InfoSecurity Magazine.

A cryptography specialist has released tools for easily cracking passwords in wireless and virtual private networks that use a popular encryption protocol based on an algorithm from Microsoft called MS-CHAPv2. The tools crack WPA2 and VPN passwords used by organizations running networks protected by the PPTP (Point-to-Point Tunneling Protocol), which employs MS-CHAPv2 for authentication. 

This reveals all information traveling across the Wi-Fi network, including sensitive corporate emails and passwords, which can then be used to log in to corporate networks. While the tools are designed for penetration testers to check the security of their WPA2 protected networks and VPNs, they could also be used by cyberthieves to gain unauthorized network access.  Read more at CNET.

Tags: , , , ,

Leave a Reply

You must be logged in to post a comment.