On May 8, 2007, at 9:17 AM, Jan Outhuis wrote:
The script gets typed in any window that's active at the moment the cursor is being taken over: it may be the Firefox 'find'-field or a terminal window for that matter.
Do you have a VNC server installed? If so you really want to either remove it or configure it to only listen on localhost so you can access it over an SSH tunnel but remote attackers can't get in. I'd also strongly recommend that you configure the built-in firewall since it you may have other exposed services - unfortunately I don't have a package recommendation as I just configure iptables directly.
I've seen this happen a couple of times on Macs where people inadvertently left VNC open w/o a password with very similar behaviour, which suggests people are scanning for vulnerable VNC installs but the automated stuff currently only has Windows exploits.
Chris
Attachment:
smime.p7s
Description: S/MIME cryptographic signature