The Morto worm spreads over the Remote Desktop Protocol (RDP) and uses Domain Name System (DNS) TXT records to contact its C&C and retrieve instructions, according to news published by HELP NET SECURITY on September 02, 2011.
Security firm Symantec asserts that although the recent RDP-capable W32.Morto worm has received a lot of coverage, one of the most significant aspects of the worm's behavior has been left out. Most malware studied recently includes some means of communicating with a remote Command and Control (C&C) server. However, the actual communication vector seems to differ between threats.
For instance, W32.IRCBot uses Internet Relay Chat channels, while the latest malware threat, Trojan.Downbot, is capable of reading commands embedded in HTML pages and even image files. W32.Morto adds another C&C communication vector: it receives remote commands via Domain Name System (DNS) records.
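C&C traffic carried in DNS TXT lookups can be hunted in resolver query logs. The following is an added example, not code from the article or from Symantec: it flags clients that repeatedly request TXT records for zones outside an allowlist. The log format, IP addresses, domain names, allowlist and threshold are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample resolver log lines: "<epoch> <client_ip> <qtype> <qname>".
# All addresses and names are placeholders, not real indicators.
SAMPLE_LOG = """\
1314950400 10.0.0.5 A www.example.com.
1314950405 10.0.0.5 TXT _spf.example.com.
1314950410 10.0.0.23 TXT ctl1.c2-placeholder.example.net.
1314950470 10.0.0.23 TXT ctl1.c2-placeholder.example.net.
1314950530 10.0.0.23 TXT ctl2.c2-placeholder.example.net.
1314950540 10.0.0.9 TXT example.org.
malformed line
"""

# Assumption: zones where TXT lookups are expected (SPF, DKIM, site verification).
EXPECTED_TXT_ZONES = {"example.com", "example.org"}

def registered_zone(qname):
    """Naive last-two-labels zone; production code should use the Public Suffix List."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])

def suspicious_txt_clients(log_text, allowed_zones, min_queries=3):
    """Return {client: {zone: count}} for TXT lookups to non-allowlisted zones
    that repeat at least min_queries times (polling-like behaviour)."""
    counts = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[0].isdigit():
            continue  # skip malformed entries instead of failing the whole run
        _, client, qtype, qname = parts
        if qtype.upper() != "TXT":
            continue
        zone = registered_zone(qname)
        if zone not in allowed_zones:
            counts[client][zone] += 1
    # Keep only zones that crossed the threshold, and drop clients left empty.
    flagged = {}
    for client, zones in counts.items():
        hits = {z: n for z, n in zones.items() if n >= min_queries}
        if hits:
            flagged[client] = hits
    return flagged

if __name__ == "__main__":
    for client, zones in suspicious_txt_clients(SAMPLE_LOG, EXPECTED_TXT_ZONES).items():
        print(client, zones)
```

Mail servers and some security products issue many legitimate TXT lookups, so the allowlist and threshold need tuning per network before the output is used for alerting.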
...