Morto worm infects Windows workstations and Windows servers. The worm looks for weak administrator passwords in Remote Desktop on an organization’s network. Researchers say the attack could be used for various purposes, including distributed denial-of-service (DDoS) attacks. Morto generates significant traffic, and appears to have ties to China and Hong Kong. Microsoft’s Malware Protection Center added detection for Worm:Win32/Morto.A. The worm generates “noticeable” amounts of traffic, Microsoft says.”]
Source: https://www.darkreading.com/attacks-breaches/new-windows-worm-wriggling-through-networks