I've seen this attack occur on a Windows XP machine running RealVNC a number of years ago, but this time it hit my Ubuntu 10.4 machine.
I am currently working away from an internet connection, so I am using my phone tethered to my computer to get online (see my last post). This configuration gives my laptop my public IP address (i.e. no network address translation).
I was sitting at my machine just about to start programming and all of a sudden my mouse starts moving.
I looked at the GNOME top panel just as it flashed the “your computer is being remotely controlled” message from Vino, the VNC server built into Ubuntu.
The remote connection then typed the following message as if it was trying to run that command.
The remote connection terminated a second later and the attack was over.
I then opened my remote desktop preferences to check whether or not I had turned it on.
If you look closely, however, you will see that even though the options are greyed out, the box for “allow other users to control…” was ticked and all the security boxes were unticked. I cannot remember what settings I had before the attack, and it's possible that the settings were changed as part of the attack, but as all it tried to do was run a Windows command (as far as I could see), I can only assume that the attack was probably not written to attack GNOME.
All in all, it made for a good laugh seeing a Windows attack play out on a Linux machine. I just hope nothing else happened that I didn't see.
Edit: I had a bit of a flip through my system logs and it looks all clean.