Darkman wrote:
I let my norton expire for a few days, and noiced in my event viewer
anumber of connections to VNC from various other countries. however I
didn't notice the icon turning black as it would in a conneciton mode.
so I was wondering if I am being connected to, via some trojan. I did
a scan today after updating norton and found one trojan and one or two
other website deposited remote access files....
anyone ever see conneciton instances in their event logs?
Earlier this year I reported an incident in this listserv where I
was holding a demo on ways to use VNC to connect to other systems. It
was actually part of an two day Internet security lecture. I was using a
personal computer at home as the server. I set it up in the morning and
since I knew that the the RealVNC was still exposed to the after the
demo I turn it off remotely. I was tied up the rest of the day and my
wife unknowingly turned my computer on. Sure enough, right when I sat
down to look at my computer someone had been connected using my VNC
just a few seconds earlier. I un-installed the vnc server and the
person had no time to do anything. I had noticed that even while I was
doing the demo there were connection attempts at the RealVNC ports in
the event viewer that were not mine. Later I discovered that they were
most likely hackers from parts of Europe and the US looking for
vulnerable networks and VNC connections. Eventually one of them guessed
the weak password (or at least I hope that's what it was). To answer
your question it would seem that this occurs quite commonly and I have
demonstrated this by exposing an old laptop an open Internet connection
and recording the various connection attempts in an unrecommended
environment. However this is well known and has been going on for
sometime. The thing that really got my attention was when the
vulnerability was discovered it only took about a two days before I saw
some forums with good guesses of what the vulnerability was and how it
could be exploited and later someone send me a post from someone who
explained in detail what it was. For some reason news of the
vulnerability spread fast among hackers and at a rate that would put
Microsoft vulnerabilities to shame, but it's not as widespread as
Microsoft's problems yet. Most of this is due to the patch that came
about a day later to fix it (I like to see Microsoft move that fast).
This will make a good argument to introduce an automatic update feature
to all VNC programs and perhaps a way to detect and notify the user of
unsafe conditions. Anyway I can't wait to see what happens it seems
unlikely that everyone will know to upgrade their 4.1.1 realvnc before
something bad happens that, if the press gets involved, will spell doom
for VNC's in general.
Jorge
_______________________________________________
VNC-List mailing list
[email protected]
To remove yourself from the list visit:
http://www.realvnc.com/mailman/listinfo/vnc-list
