For all of you out there who may be running VNC, you need to be aware that back in May of this year, it was discovered that it is possible to login to VNC 4.1.1 without a password, even if one is set. A worm was unleashed today, like others similar to it in the past, that takes advantage of this vulnerability. RealVNC Version 4.1.2 fixes this issue, but most people have not upgraded and are now getting hit by this automated attack. I highly suggest upgrading right now because there are many worms out there taking advantage of this hole to launch spyware on machines. This has already happened to a few friends computers.
http://www.intelliadmin.com/blog/2006/0 … ncept.html
http://isc.sans.org/diary.php?storyid=1331
http://www.realvnc.com/
Leave a Reply