Found at:
http://isc.sans.org/
RealVNC exploits in the wild (NEW)
Published: 2006-05-18,
Last Updated: 2006-05-18 17:10:59 UTC by Swa Frantzen
Active use of RealVNC to break into systems is being reported anonymously.
If you can share more details or just can report attempts, please
let us know.
If you have any RealVNC exposed, check if you are hacked, and if not take measures immediately. If you want an inherently more secure solution check how to run
vnc over ssh on your specific platform.
See more of the vulnerability in the
May 15th diary by Kyle Haugsness.
[updates below]
List of exploits reported to us by our readers:
- Austin from the UK reports that all shared printers in his office stated to print:
Dear Network Administrator. Please do not be alarmed. My team is network security specialist. You are using a vulnerable version of VNC. Please upgrade your version soon.We have not accessed your data but we could have. Have a nice dayThe intrusion reportedly happened on a workstation where a visitor left a VNC server running.
- He notes that
"RealVNC logs all connection IP addresses in the event manager which some people didn't know".
- An Anonymous report about the installation of typical tools installed by the warez and hacker crowd such as Serv-U and pwdump.
...
Keep them coming!
Reply With Quote