A new RDP worm is circulating on vulnerable systems with weak passwords:

Morto – New RDP Internet Worm manipulates weak passwords

QUOTE: A new worm, called “Morto,” has been infecting machines via Remote Desktop Protocol on Windows machines, according to security researchers. Morto is the first Internet worm to use RDP as an infection vector. Morto “appears to simply attempt to compromise systems by trying 30 common passwords for the Windows Administrator account over RDP,”  This particular worm highlights the importance of setting strong system passwords,” said Microsoft’s Gradascevic. “The ability of attackers to exploit weak passwords shouldn’t be underestimated.”

SYMPTOMS OF AN INFECTION: This creates a lot of traffic for port 3389/TCP, which is the RDP port.