Malware opens RDP backdoor into Windows systems
2020-05-26 10:37

A new version of the Sarwent malware can open the Remote Desktop Protocol port on target Windows computers to make sure that crooks can find their way back into the system through the backdoor.

The malware can create a new Windows user account, enable the RDP service for it, and make changes to the Windows firewall so that RDP access to the infected machine is allowed.

Removing the malware from the infected computer will not automatically close the RDP "hole".

Users, admins or paid "cleaners" also have to remove the user account set up by the malware and close the RDP access port in the firewall.
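
One way to check a cleaned host for the leftovers described above, as an added PowerShell example that is not from the original article. It assumes the default RDP port 3389 and a 30-day look-back window, both adjustable, and only reads state without changing it.

```powershell
# Added example: read-only audit for the leftovers described above.
# Run from an elevated PowerShell session on the cleaned host.
$RdpPort      = '3389'   # assumption: default RDP port
$LookbackDays = 30       # assumption: covers the suspected infection window
$since = (Get-Date).AddDays(-$LookbackDays)

# 1. RDP service state: fDenyTSConnections = 0 means connections are accepted.
$tsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpEnabled = (Get-ItemProperty -Path $tsKey).fDenyTSConnections -eq 0

# 2. Enabled inbound allow rules that name the RDP port explicitly
#    (rules using a port range or "Any" are not matched here).
$rdpRules = Get-NetFirewallPortFilter |
    Where-Object { $_.Protocol -eq 'TCP' -and $_.LocalPort -contains $RdpPort } |
    Get-NetFirewallRule |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' }

# 3. Enabled local accounts, and who may log on over RDP.
#    Well-known SIDs avoid localized group names:
#    S-1-5-32-555 = Remote Desktop Users, S-1-5-32-544 = Administrators.
$accounts   = Get-LocalUser | Where-Object Enabled
$rdpMembers = 'S-1-5-32-555', 'S-1-5-32-544' | ForEach-Object {
    Get-LocalGroupMember -SID $_ -ErrorAction SilentlyContinue
}

# 4. Accounts created in the look-back window (Security event 4720).
#    Only present if account-management auditing was on at the time.
$created = Get-WinEvent -FilterHashtable @{
    LogName = 'Security'; Id = 4720; StartTime = $since
} -ErrorAction SilentlyContinue

"RDP enabled: $rdpEnabled"
$rdpRules   | Format-Table DisplayName, Profile, Group -AutoSize
$accounts   | Format-Table Name, PasswordLastSet, LastLogon, Description -AutoSize
$rdpMembers | Format-Table Name, ObjectClass, PrincipalSource -AutoSize
$created    | Format-Table TimeCreated, @{ n = 'NewAccount'; e = { $_.Properties[0].Value } } -AutoSize
```

Accounts or firewall rules in the output that the administrator does not recognize are the candidates for the manual cleanup described above.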

Gaining access to Windows machines via the Remote Desktop Protocol has become a preferred tactic of cyber crooks and ransomware gangs, though they usually scan for machines/servers that already have RDP enabled and then they try to brute-force the passwords that safeguard access through it.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/ieZu1LoovJY/