Just returned to my computer to find someone had taken control, presumably using RealVNC. They had opened up Start > Run and typed "gen.us/oagain.exe". I presume they were trying to install a virus, as said on other forums, but it came up with an error : File not found. VNC had a password on, and none of my other computers running RealVNC Server have done the same. Has this happened to anyone else, and is there a patch to fix it? Thanks, Thomas
I heard that there were severe vulnerabilities in older versions on RealVNC which allowed a cracker to access the system without being prompted for a password. I strongly recommend you upgrade to the newest version possible.
I've only had RealVNC on about 3 days (Version 4.1.2 I think), so I doubt it's an older version. Thanks, Thomas
VNC is not something I would ever let out through a firewall directly. Whenever possible, you should have a secure tunnel into your network, via something like SSH (if you're fortunate enough to be running a Unix derivitive) or some form of VPN.
Try using UltraVNC or tightVNC. Like AT said, dont open VNC ports, if you really need to for some reason, be sure to lock your desktop.
Here's a further reading, try downloading the latest one (4.2.6) its seems safe from that vulnerability.
