PICList Thread
'[EE]: WINXP Malware Attacks'
2006\10\16@112712 by Carey Fisher - NCS

> Frank Niu wrote:
>  
>> I got an announcement about this issue. It is indeed a VNC-related security
>> problem. You need to upgrade the VNC version. (I upgraded to 4.1.2)
>>
>> **********************************
>> There is a known exposure in some versions of the popular program VNC by
>> which an attacker can get past the password protection and compromise the
>> system.   It was found in the "RealVNC" version and an upgrade which fixes
>> this exposure is available.  Other versions of VNC may or may not be
>> affected.

Well, it happened again.  I've gotten in the habit of disabling the network connection when I leave this computer.  So, this morning, I sat down to work and re-enabled the network connection.
As I was working, I answered a phone call and when I turned back to the screen, I saw a DOS window with someone typing.  They were entering a command to use tftp to download a file called mdn.exe to my computer!!!!!
So, I immediately shut down the network connection, the tftp connection timed out and I breathed a sigh of relief.
Now, to figure out who and how...  I traced the IP address to an ISP in Korea so no point in pursuing the "who".  The "how" is the most important anyway.
So, what I've done for now is to totally shut down RealVNC, including plugging the holes in the firewall for the VNC ports.
I'll continue disabling the network connection to this computer when I'm not using it.  If I get another attack, I'll know it's not VNC.  But I have a feeling it is VNC because this is the only computer on the LAN (6 machines total) that has had any of this kind of activity and it's the only one the firewall sends VNC traffic to.
Carey

2006\10\16@140737 by Bob Axtell

Wow... Glad I pulled my RealVNC connection a few months ago.

--Bob

2006\10\16@151413 by Carey Fisher - NCS

Here is a description from (secunia.com) of the specific vulnerability that I appear to have suffered.  It agrees with Frank Niu's info.

Description:
Steve Wiseman has reported a vulnerability in RealVNC, which can be exploited by malicious people to bypass certain security restrictions.

The vulnerability is caused due to an error within the handling of VNC password authentication requests. This can be exploited to bypass authentication and allows access to the remote system without requiring knowledge of the VNC password.

The vulnerability has been reported in version 4.1.1. Other versions may also be affected.

Note: Version 4.0 is reportedly not affected.

Solution:
Update to Free Edition version 4.1.2 or Personal Edition/Enterprise Edition version 4.2.3.

Carey

2006\10\25@225202 by Carey Fisher

Carey Fisher - NCS wrote:
> Here is a description from (secunia.com) of the specific vulnerability that I appear to have suffered.  It agrees with Frank Niu's info.
>
> Description:
> Steve Wiseman has reported a vulnerability in RealVNC, which can be exploited by malicious people to bypass certain security restrictions.
>
> The vulnerability is caused due to an error within the handling of VNC password authentication requests. This can be exploited to bypass authentication and allows access to the remote system without requiring knowledge of the VNC password.
>
> The vulnerability has been reported in version 4.1.1. Other versions may also be affected.
>
> Note: Version 4.0 is reportedly not affected.
>
> Solution:
> Update to Free Edition version 4.1.2 or Personal Edition/Enterprise Edition version 4.2.3.
>
> Carey
>  
Here is a link to a lot of "exploits" including the RealVNC one that
nearly got me.  It shows videos of how to execute the hacks.
http://www.milw0rm.org/video/#
Carey
