The United States Army and Navy are conducting a high-priority security review of their Microsoft [NASDAQ:MSFT] Windows systems for the presence of an unauthorized remote-control program, sources familiar with the investigation have confirmed.
An unclassified memo, sent Mar. 6 by the Navy's Computer Incident Response Team (NAVCIRT), warned Navy computer administrators to scan their Windows systems for evidence of a popular commercial software program called RemotelyAnywhere.
"NAVCIRT (Navy's Computer Incident Response Team) received several computer incident reports involving the installation of RemotelyAnywhere on compromised computer systems which in turn enables scanning, probing, and compromising of additional DOD systems," said the memo, a copy of which was received by Rob Rosenberger, an independent virus expert who consults to the military on information security matters.
The Army memo, sent out on the 13th March, distributed by e-mail and designated High Importance, warned information assurance managers (IAMs) that the remote access tool "may be sitting on our systems, waiting to be launched." The memo instructs Army system administrators to search all Windows computers for the presence of files that "are evidence of system compromise."
A representative of Wisconsin-based Binary Research International, which distributes RemotelyAnywhere, said military investigators contacted the company last week for assistance after an undisclosed number of copies of the program were discovered on Department of Defense computer systems. The attackers are believed to have obtained illegally licensed or "cracked" copies of RemotelyAnywhere, which costs $99 for a single-user license, according to Szopinski.
According to product documentation, RemotelyAnywhere is developed by Hungary-based 3am Labs. The software acts as a HTTP server and allows remote users to access files and manage a computer remotely through a Web browser. The program includes a configurable "listener" function that waits for connections on TCP ports 2000 and 2001 by default. To install RemotelyAnywhere on Windows NT, 2000, or XP systems, users must have system administrator privileges, Binary spokesman Jim Szopinski said.
News source: Newsbytes