Saturday, July 28, 2007

Trend and WINVNC

All of sudden yesterday night we started receiving all these warnings that Trend CSM suit had detected multiple virus instances. The emails were flowing in from many sites we monitor every two minutes. Further investigation indicated that these warnings were being generated by WINVNC.EXE, which for those of you who don't know is a free remote access tool.

Now it was simple enough to go an create the exceptions in each Trend CMS console to stop these notifications but the question was why did they happen? They didn't happen on every site, even though other sites did have this software installed. Strange.

The issue has now apparently gone away so all we can deduce is that it had something to do with a recent virus definition update. As we said before, strange.