{ "id": "89ee0ca1-01a8-43a0-b035-ef8787ec7cd3", "created_at": "2026-04-06T00:09:05.022435Z", "updated_at": "2026-04-10T03:20:33.442086Z", "deleted_at": null, "sha1_hash": "5d9b680586c3d56a61dfa8e4f37531c119bb763c", "title": "Worm:Win32/Morto.A threat description - Microsoft Security Intelligence", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 40563, "plain_text": "Worm:Win32/Morto.A threat description - Microsoft Security\r\nIntelligence\r\nBy Microsoft Corporation\r\nArchived: 2026-04-05 20:46:37 UTC\r\nPublished Aug 27, 2011 | Updated Sep 15, 2017\r\nDetected by Microsoft Defender Antivirus\r\nAliases: Trojan horse Generic24.OJQ (AVG) Trojan.DownLoader4.48720 (Dr.Web) Win-Trojan/Helpagent.7184\r\n(AhnLab) Troj/Agent-TEE (Sophos) Backdoor:Win32/Morto.A (Microsoft)\r\nSummary\r\nMicrosoft Defender Antivirus detects and removes this worm.\r\nThis threat is a worm that allows unauthorized access to an affected computer. It spreads by trying to compromise\r\nadministrator passwords for Remote Desktop connections on a network.\r\nWorms automatically spread to other PCs. They can do this in a number of ways, including by copying themselves\r\nto removable drives, network folders, or spreading through email.\r\nFind out ways that malware can get on your PC\r\nAdditional information for Enterprise users\r\nIn the wild, we have observed this threat infecting computers by targeting accounts that have weak passwords.\r\nTo help prevent infection, and consequent reinfection, make sure that your organization uses strong passwords for\r\nsystem and user accounts, and verifying that you do not use passwords like those being used by the malware in\r\norder to spread. Changing your password will significantly decrease your chance of re-infection.\r\nTo thwart this and similar threats, it helps to adhere to best password practices, defined and enforced by\r\nappropriate policies. Good polices include, but are not limited to:\r\nEnsuring there are rules around password complexity, so that passwords meet basic strong password\r\nrequirements, such as minimum length (long passwords are usually stronger than short ones)\r\nEnsuring passwords are not used for extended periods of time; consider setting an expiry every 30 to 90\r\ndays. You might also consider enforcing password history, so that users can not re-use the same password\r\nwithin a pre-defined time frame\r\nEnsuring passwords contain a combination of:\r\nUppercase letters\r\nhttps://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Worm:Win32/Morto.A\r\nPage 1 of 2\n\nLowercase letters\r\nNumerals, and\r\nSymbols\r\nFor general information about password best practices, please see the following articles:\r\nhttp://technet.microsoft.com/en-us/library/cc784090(WS.10).aspx\r\nhttp://technet.microsoft.com/en-us/library/cc756109(WS.10).aspx\r\nTo help prevent re-infection after cleaning, you may also want to consider changing the password for every\r\naccount on the network, for every user in your environment.\r\nSource: https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Worm:Win32/Morto.A\r\nhttps://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Worm:Win32/Morto.A\r\nPage 2 of 2", "extraction_quality": 1, "language": "EN", "sources": [ "Malpedia" ], "references": [ "https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Worm:Win32/Morto.A" ], "report_names": [ "Morto.A" ], "threat_actors": [], "ts_created_at": 1775434145, "ts_updated_at": 1775791233, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/5d9b680586c3d56a61dfa8e4f37531c119bb763c.pdf", "text": "https://archive.orkl.eu/5d9b680586c3d56a61dfa8e4f37531c119bb763c.txt", "img": "https://archive.orkl.eu/5d9b680586c3d56a61dfa8e4f37531c119bb763c.jpg" } }