Yet another worm is wreaking havoc around the world. First indications are that the malware comes in and starts on machines running that other OS with
- port 3389/tcp (RDP) open, and
- really weak passwords for “Administrator”.
Of course, then all Hell breaks loose. The thing was new and not detected by any of the malware scanners, but it literally tries to take over the world and plugs connections to the Internet with attempts to spread via RDP.
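The spreading behaviour described above shows up in network flow logs as one machine contacting many distinct hosts on 3389/tcp within a short time. The following is an added example, not part of the original post, that flags such sources; the log format, window, threshold and addresses are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

RDP_PORT = 3389
WINDOW = timedelta(seconds=60)  # assumed look-back window
THRESHOLD = 4                   # assumed: distinct RDP peers per window

# Constructed flow records: timestamp, source, destination, dest port.
SAMPLE_FLOWS = """\
2024-01-01T10:00:01 10.0.0.23 198.51.100.1 3389
2024-01-01T10:00:02 10.0.0.23 198.51.100.2 3389
2024-01-01T10:00:03 10.0.0.23 198.51.100.3 3389
2024-01-01T10:00:04 10.0.0.23 203.0.113.7 3389
2024-01-01T10:00:05 10.0.0.23 203.0.113.8 3389
2024-01-01T10:00:10 10.0.0.5 10.0.0.200 3389
2024-01-01T10:00:40 10.0.0.5 10.0.0.201 3389
2024-01-01T10:00:11 10.0.0.9 198.51.100.1 443
2024-01-01T10:00:00 10.0.0.7 10.0.0.200 3389
2024-01-01T10:05:00 10.0.0.7 10.0.0.201 3389
2024-01-01T10:10:00 10.0.0.7 10.0.0.202 3389
2024-01-01T10:15:00 10.0.0.7 10.0.0.203 3389
"""

def parse_flows(text):
    """Yield (datetime, src, dst, dport) from whitespace-separated lines."""
    for line in filter(str.strip, text.splitlines()):
        ts, src, dst, dport = line.split()
        yield datetime.fromisoformat(ts), src, dst, int(dport)

def rdp_fanout(flows, window=WINDOW, threshold=THRESHOLD):
    """Return {src: peak distinct 3389/tcp peers in any window} at/over threshold."""
    by_src = defaultdict(list)
    for ts, src, dst, dport in flows:
        if dport == RDP_PORT:
            by_src[src].append((ts, dst))
    flagged = {}
    for src, events in by_src.items():
        events.sort()
        last_seen, left, peak = {}, 0, 0  # dst -> newest timestamp in window
        for ts, dst in events:
            last_seen[dst] = ts
            while ts - events[left][0] > window:  # expire flows older than window
                old_ts, old_dst = events[left]
                if last_seen.get(old_dst) == old_ts:
                    del last_seen[old_dst]
                left += 1
            peak = max(peak, len(last_seen))
        if peak >= threshold:
            flagged[src] = peak
    return flagged
```

In the constructed sample only 10.0.0.23 is flagged: the admin workstation stays under the threshold, the 443 traffic is ignored, and the host that reaches four RDP servers over fifteen minutes never has more than one in any 60-second window.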
While this is a vulnerability globally, it appears that the system software is functioning as intended; the vulnerability relies on poor or absent system administration. Someone had to pick really weak passwords and leave “Administrator” available. Of course, human stupidity is in great supply, as is that other OS, so the lights could dim around the world as this thing spreads. M$ has a fix but it may not be applied by the twits with the weak passwords…
The mind boggles that people still depend on a monoculture of that other OS and it can all fall down so easily. If you want to leave 3389 open on your systems and not fall down, I suggest using GNU/Linux. It works and it would at least leave some of your system alive. Please use decent passwords.