New Re: Any info on the virus?
This is what we got from company security:

Subject: Virus Outbreak (RealVNC)
Message: GTRC,
Forwarding case to Site Support to have the system reimaged and cleaned.
To summarize, the worm looks for any systems running RealVNC versions 4.1.1 and below, and if it finds one it uses an exploit to log into the system without a username or password. Once on the system it downloads a rootkit, and begins to spread to other systems.

Once the system is infected, the new rootkit disables any AV scan running, and makes it very difficult to remove. We recommend that the machines be rebuilt if they are infected, until a proven method is discovered to remove the rootkit.

Infosec has blackholed the command and control server at this point, so no systems are under remote control; however, if the DNS record changes, the machines will reconnect to the c&c server.

Infosec is in the process of scanning the network and identifying all systems with this virus signature. As a result, cases will be generated for remediation and assigned to On Site Services.

Type Trojan

W32/Tilebot-JS is a backdoor worm for the Windows platform which allows a remote intruder to gain access and control over the computer.

RealVNC

A flaw exists in RealVNC server v4.1.1 and older which allows an attacker to override RealVNC server-side authentication. This could result in the attacker gaining remote control over systems running RealVNC server.

http://www.purdue.edu/securepurdue/steam/newsDetail.cfm?NewsID=59

* RealVNC is currently not a "company" Supported application. We recommend removing or upgrading to the latest secure version.


This link also talks about it:
http://www.symantec.com/avcenter/attack_sigs/s21641.html

HTH
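
For anyone doing the same identification pass from a software inventory, here is an added example (not part of the post above or of the company advisory) that sorts hosts by the advisory's "4.1.1 and older" threshold. The CSV columns, hostnames and versions are constructed for illustration, and the bucket names are assumptions.

```python
import csv
import io
import re

# Threshold from the advisory above: RealVNC server 4.1.1 and older is vulnerable.
LAST_VULNERABLE = (4, 1, 1)

# Constructed sample inventory (hostnames and versions are made up for illustration).
SAMPLE_INVENTORY = """host,product,version
ws-0101,RealVNC Server,4.1.1
ws-0102,RealVNC Server,4.1.2
ws-0103,realvnc server,4.0
ws-0104,RealVNC Server,v3.3.7
ws-0105,RealVNC Server,unknown
ws-0106,TightVNC Server,1.2.9
ws-0107,RealVNC Server,4.10.0
"""

def parse_version(text):
    """Return a 3-tuple of ints, or None if no dotted version can be read."""
    m = re.search(r"(\d+(?:\.\d+){0,2})", text)
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (3 - len(parts)))  # "4.0" -> (4, 0, 0)

def triage(inventory_csv):
    """Sort RealVNC hosts into vulnerable / not_vulnerable / review buckets."""
    buckets = {"vulnerable": [], "not_vulnerable": [], "review": []}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if "realvnc" not in row["product"].lower():
            continue  # the advisory only covers RealVNC
        version = parse_version(row["version"])
        if version is None:
            buckets["review"].append(row["host"])  # unreadable version: check by hand
        elif version <= LAST_VULNERABLE:  # tuple compare, so 4.10.0 > 4.1.1
            buckets["vulnerable"].append(row["host"])
        else:
            buckets["not_vulnerable"].append(row["host"])
    return buckets

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

A host in the vulnerable bucket is only running an exposed version; whether it is actually infected still has to come from the signature scan the advisory mentions.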
New Thanks, forwarded.
-----------------------------------------
Atheism is a religion in the same sense that not collecting stamps is a hobby.
     VNC replacement? - (hnick) - (9)
         Why not Remote Desktop? - (crazy) - (5)
             Thanks. I never used it before. - (hnick) - (4)
                 Check any QOS policies if there are routers in the mix -NT - (pwhysall)
                 Umm - (crazy) - (2)
                     I think you're right - (tjsinclair)
                     Seems to work. - (hnick)
         Any info on the virus? - (Silverlock) - (2)
             Re: Any info on the virus? - (hnick) - (1)
                 Thanks, forwarded. -NT - (Silverlock)