[allen2]

I wasn't infected nor seen any case of infection yet but everyone should be extra-careful as this new worm could spread using hole in rdp.
Here is the thread at MS Technet.
Description of this worm is there.
At this time most antivirus doesn't even detect it (so automatic removal isn't an option).

[Tripredacus]

Would it be wise to block RDP ports on systems that aren't configured to use it, at least until a common fix is available for this worm?

[allen2]

Yes it would be very wise to filter at list from source ips and block when not needed.
Although MS say it use a dictionary attack on weak passwords, it seems it was able to spread on other system as well.
It seems almost every years (or so) a real bad worm spread in august (the only exception is conficker).

[Tripredacus]

I was reading about this on Sophos, but they seem to be saying there is more talk about this than actual reported infections. Although that may be related to most scanners' inability to detect it.

[allen2]

Yes that might be true but anyway, being aware of such suspicious behavior might help avoid hours of diagnostic.

[ricktendo]

I have a friend who got this recently

This post has been edited by ricktendo64: 01 September 2011 - 05:43 PM