[AG-TECH] FYI - VNC attacks
Andrew Daviel
advax at triumf.ca
Thu Jun 8 18:04:37 CDT 2006
I believe many people in the videoconference community run VNC as
a desktop sharing application, often unwrapped (i.e. not protected by SSH
tunnelling). Apologies to others ....
FYI, we have been the target of some VNC attacks.
A couple of Windows machines (at least) that were running VNC server
(with a password, albeit not a strong one) were attacked and one
was infected with Spybot, later caught by antivirus software,
and another remote control application, also caught. There was a 3-week
window between the infection and the antivirus update which caught
it.
This may relate to the RealVNC security announcement a couple of weeks
ago. Or it may be password guessing like for SSH; I am not sure at this
point.
Admins may check Windows Event Viewer, Application log, for
"WinVNC4". VNC typically listens on port 5900
So, make sure you turn off VNC when not required, at least until we
figure this out ....
--
Andrew Daviel, TRIUMF, Canada
Tel. +1 (604) 222-7376 (Pacific Time)
security at triumf.ca
More information about the ag-tech
mailing list