[AusNOG] Possible New Zero Day Microsoft Windows 3389 vulnerability - outbound traffic 3389
Scott A. McIntyre
scott at howyagoin.net
Sat Jan 14 09:28:35 EST 2012
Hi James,
> Just posting to see if anyone has seen any strange outbound traffic on
> port 3389 from Microsoft Windows Server over the last few hours.
>
Feels like Morto:
http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?name=Worm%3AWin32%2FMorto.A
http://www.f-secure.com/weblog/archives/00002227.html
Seen a lot of this through my honeypots and whatnot the last few months,
spiking just as you describe.
Cheers,
Scott
More information about the AusNOG
mailing list