Some time in early 2000s I was following FXP boards and playing with scanning open ports on IP ranges.
Remote-Anything was quite a common way to gain access to someone's computer and turn it into a pubstro.
A lot of people back then were running Windows XP without any password, which meant RA could be used by anyone to connect to their computer and do anything there (for example playing solitaire or displaying "Hello, I am your computer and I just gain conciousness" alert).
I believe a lot of people didn't even know they had RA installed on their computers and running there. It was a nightmare from security standpoint.
Yeah, I can't remember if it was RA or another tool, but some remote admin tools in the late 90s/early 2000s were too easy to install and ended up being used by phishers/scammers; so much so that in the wider context they were seen as hacking tools even though they had valid use cases.
I dont know what the solution is-- have some sort of registration / valid credit card check? (yes, I know that introduces friction and some people will just leave)
I remember Dameware being one of these. I have the same history as parent poster, used to do that whole scanning and turning hosts in to pubstros. Edu and NTT hosts were like gold for us.
Reminds me of SlimFTPd. A small, efficient, freeware (now BSD licensed) FTP daemon for Windows that got used for malware purposes, found it's way on to AV lists, and now can't be used.
Is there a place I can readup on the remote-anything architecture? I see there's a master and slave -- do all the slaves dial out to the master and all slave-to-slave communication go through the master (like a turn server), or is it doing something more clever? In that case the master must be configured to accept connections
The actual reports show that the tool was being used maliciously. People had no idea that their machine had a RAT installed, so of course AV vendors would take action.
13 comments
[ 2.9 ms ] story [ 44.8 ms ] threadRemote-Anything was quite a common way to gain access to someone's computer and turn it into a pubstro.
A lot of people back then were running Windows XP without any password, which meant RA could be used by anyone to connect to their computer and do anything there (for example playing solitaire or displaying "Hello, I am your computer and I just gain conciousness" alert).
I believe a lot of people didn't even know they had RA installed on their computers and running there. It was a nightmare from security standpoint.
I dont know what the solution is-- have some sort of registration / valid credit card check? (yes, I know that introduces friction and some people will just leave)
http://www.whitsoftdev.com/slimftpd/
http://remote-anything.com/McAfee_ThreatProfile_RemAdm-Remot...
http://remote-anything.com/Kaspersky_not-a-virus_RemoteAdmin...
What a misleading writeup.