
28 Aug: VPS/RDP Worm/Virus: Morto (IMPORTANT)

Discussion in 'BlackHat Lounge' started by healzer, Aug 29, 2011.

  1. healzer

    healzer Jr. Executive VIP Jr. VIP Premium Member

    Joined:
    Jun 26, 2011
    Messages:
    2,364
    Likes Received:
    1,966
    Gender:
    Male
    Occupation:
    Marketing automation tools
    Location:
    Somewhere in Europe
    Home Page:
    Every bit of information can be read here:

    http://www.blackhatworld.com/blackhat-seo/blackhat-lounge/347140-virus-fix-i-pay.html

    I first discovered this 1 week ago...Actually 2 weeks ago when Xsserver crashed... after that I was losing speeds...

    My VPS speeds are now at 1-2mb/s, usually they are 11mbs :pirate:

    Morto Worm is a high level worm
    Microsoft is trying to figure out a solution

    If POSSIBLE, DO NOT connect to your VPS/RDP at any moment soon...


    • are you experiencing low download/internet speeds?
    • your VPS interface lagging?
    • low upload speeds?
    • crappy service?
    YOU are probably INFECTED

    This virus has been there since the beginning of August, maybe earlier. I didn't know about it until today, thanks to Crazy & Ericcson :rolleyes:

    Keep yourself updated with new Win updates & update your AV these days a lot.



    The virus uses your VPS/remote desktop to get into your PC; it's said to create a big botnet for DDoS purposes.


    I'm trying to figure out if I have the virus (I probably do), but no AV sees it, it's hard to find it
     
  2. JesusBack

    JesusBack Executive VIP Premium Member

    Joined:
    Sep 15, 2010
    Messages:
    1,159
    Likes Received:
    1,284
    Occupation:
    Almost done :D
    Location:
    {calm|cool|collected}
    Got hit too on one of my machines. Best thing to do is reload your machine.
     
  3. healzer

    How did you find out your machines got hit?


    Btw, when you reinstall Windows and connect to your VPS, you get infected again. Careful, people.
     
  4. healzer

    Despite the research done by BHW members, THANK YOU, we did not find the virus, maybe because it was too hidden or it just wasn't there.

    If anyone is recording weird behavior on their RDP/VPS or has been a victim, please tell us more about it; any information will do.
     
  5. dowser

    dowser Power Member

    Joined:
    Jun 5, 2011
    Messages:
    685
    Likes Received:
    122
    Location:
    canada
    Something is not kosher here... so the only indication is slow connection and your bank blocking your access?

    Usually there are other indicators that can be found using HijackThis and such tools, and so far we have nothing here...
    My VPS is slow, but I'm not going to re-install my OS because of that; I need more info before I panic. There could be 150 things that influence the speed of a VPS connection.
     
  6. healzer

    I'm not the only one, I have been targeted, by something :pirate:
     
  7. euhero

    euhero Regular Member

    Joined:
    Jun 21, 2011
    Messages:
    253
    Likes Received:
    209
    Location:
    Somewhere in space
    I guess Anon is on the move to destroy Facebook.. LOL

    :D

    That explains why I got so many errors on my net lately. :(
     
  8. davids355

    davids355 Jr. VIP Jr. VIP Premium Member

    Joined:
    Apr 25, 2011
    Messages:
    8,792
    Likes Received:
    6,329
    Home Page:
    Honestly that's what I thought!! I don't know though, it could be a well hidden rootkit - I have seen them a few times - I had one once that literally couldn't be found anywhere, no entries in hjt, nothing from virus scan even with drive outside PC, but Google entries were being redirected - that turned out to be an infected LAN driver that the virus had embedded itself in.

    I am very interested to see what comes to light with this one.
     
  9. healzer

    I have run DBAN and wiped all data from another HDD I had lying around, I'm on WinXp at this moment, am downloading Windows 7 from TPB

    Will run DBAN to clean all data on my main HDD and install win7 :pirate:
     
  10. moggwai

    moggwai Junior Member

    Joined:
    Jul 15, 2010
    Messages:
    181
    Likes Received:
    69
    Occupation:
    College
    Location:
    Ireland
    It's the Facebook takedown.. leave it for now, don't wreck it
     
  11. Jonny Quick

    Jonny Quick BANNED BANNED

    Joined:
    Aug 26, 2010
    Messages:
    231
    Likes Received:
    340
    ROFLMAO. Just like all these computer wizards have been saying, just do a wipe, reformat and reinstall some cracked software from a torrent site named "Pirate Bay". Your bank account will be safe then. It's simply amazing the kind of advice you can get for $20.00 or less, lol....