Morto Worm Found Squirming on Chinese MMORPG Site

2011-09-19T18:28:06
ID THREATPOST:37628BE0E27230C01D10DB38C9F7962A
Type threatpost
Reporter Chris Brook
Modified 2013-04-17T16:33:45

Description

The Morto Worm began to make waves just three short weeks ago after working its way through Windows’ Remote Desktop Protocol (RDP), but now the worm appears to have an entirely new mode of transport: Jade Dynasty, a massively multiplayer online role-playing game (MMORPG) that is popular in China.

According to records obtained by Symantec’s Security Response blog, the worm has stopped spreading using RDP and has instead been passing through the index pages of the Chinese gaming site.

According to a Symantec blog post, W32.Morto is now snaking its way through the server emulators of Jade Dynasty (Zhu Xian in Chinese), is no longer performing DNS queries to keep in contact with its attackers and is performing fewer “meaningful activities” (read: “criminal activities”) in recent weeks.

It’s hard to say what the purpose of the new Morto variant is, or if there’s a clear connection to the parties responsible for releasing the worm in the first place. After initially turning up on Windows 7 machines in late August, the worm has since dropped off the radar.