Solved

Viruses or spyware infiltrating an RDP session?

Posted on 2008-06-17
9
937 Views
Last Modified: 2013-11-21
Is it possible for a remote user who is accessing a Terminal Server via RDP to have virus/spyware from their local computer infect the server they are logging into or have virus/spyware from the Terminal Server they are logged into infect their local PC? Assume there are no shared drives/mapped drives in the TS session. I know that while they are in their terminal session they could download 'bad' stuff and it could infect the server if not trapped.  As well I know they could minimize their terminal session and go out to the Internet directly through their PC and get the local PC infected. But can any virus/spyware jump from either the local desktop to the remote desktop or vice versa during a terminal session?
0
Comment
Question by:lineonecorp
9 Comments
 
LVL 5

Accepted Solution

by:
jenkinsme earned 32 total points
ID: 21809526
In theory anything is possible. However I have not heard of any viruses that are linked to RDP or any VNC client for that matter. They would need to somehow get the virus to transfer over the RDP port directly and would be very hard to "hide" that kind of virus.
0
 
LVL 31

Assisted Solution

by:Frosty555
Frosty555 earned 31 total points
ID: 21809539
I could imagine a virus that is basically an RDP client, just like the remote desktop client that comes with windows. Except it would connect to the server (provided it knew the credentials to use, possibly obtained via a keylogger or some other social engineering), then connect to the remote server and perform a set of actions that would cause the server to download and execute an infected file.

Or if the virus isn't specifically an RDP client, it could just wait for an RDP session to start, then take over the mouse/keyboard and cause the server to download/run an infected executable.

But wow that would be a longshot. It would be something very targeted, maybe a script a disgruntled employee might deploy. Certainly not something I've ever actually heard of in real life.
0
 
LVL 17

Assisted Solution

by:Malmensa
Malmensa earned 31 total points
ID: 21809637
I have seen several virii of late that infect USB keys, and autorun as soon as it is plugged in.  If you mapped drives in the RDP session, a virus on a USB key would have an easy way in.  These virii are certainly out there right now, and could certainly get in like that.
0
Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

 
LVL 32

Assisted Solution

by:r-k
r-k earned 31 total points
ID: 21810108
Theoretically, yes. Practically, this is very difficult, and the returns (for the virus writer) are slim, so I am not aware of any virus that attempts to exploit this.

The task for the virus writer is not easy. First, they have to infect the server. Next they have to find a way to infect the PC via the RDP connection, i.e. they have to discover and exploit some weakness in the RDP protocol and client. Finally, they have to live with the knowledge that relatively few PC's would get infected this way. It is just not worth their time considering how many easier ways exist to attack end-user PC's in other ways (such as email, web browsing, music sharing etc.)
0
 
LVL 17

Expert Comment

by:Malmensa
ID: 21810166
This common virus wouod have no problems infecting a Terminal Server, if the option to map USB drives is enabled:

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM%5FDELF%2ECFQ&VSect=P
0
 
LVL 31

Expert Comment

by:Frosty555
ID: 21822621
This depends on if the terminal server has autoruns enabled for removable storage.

Personally, on all my computers I disable autorun, and I would expect any prudent administrator to do the same on their terminal server, if it isn't already disabled by default.

0
 
LVL 17

Expert Comment

by:Malmensa
ID: 21951687
Autorun is on by default.  
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Pop culture is prime bait for hackers seeking to infect user’s computers and mobile devices with malicious malware. Hackers know exactly what the latest trends are online and know how to use them to their advantage.
Data breaches are on the rise, and companies are preparing by boosting their cybersecurity budgets. According to the Cybersecurity Market Report (http://www.cybersecurityventures.com/cybersecurity-market-report), worldwide spending on cybersecurity …
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question