
SANS ISC InfoSec Handlers Diary Blog



More SoBig comments, and Whack-A-Scam, Ultr@VNC Vulnerability

Published: 2004-01-17
Last Updated: 2004-01-18 03:11:49 UTC
by Davis Sickmon (Version: 1)
Alex Shipp of Message Labs emailed further comments on the SoBig.F resurrection. Alex pointed out that their statistics show no overall increase in SoBig.F emails - instead, just normal fluctuation in the daily statistics.
----
It's been pointed out that while the trojan-loaded website EV1.NET has been shut down, in typical whack-a-mole fashion, a new one has already popped up at chwolter.com. If you happen to see any more of these pop up, it's probably worth mentioning them.
----
Ultr@VNC[1] is a VNC variation for administering Windows-based platforms remotely. It supports Windows logins and access rights - however, today Secure Network Operations released a new security escalation example (you have to already be logged into VNC) and Ultr@VNC has not been patched yet to fix the problem. A quick fix (via commenting out some lines and recompiling) was mentioned in the release on BugTraq.
(Mentioned because I know a number of Windows admins who make use of some of the VNC variants for remote server configuration. Since it's unknown when the patch will be released at this time, )
[1] http://ultravnc.sourceforge.net/
Handler On Duty, Davis Ray Sickmon, Jr

Midnight Ryder Technologies (http://www.midnightryder.com)