Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 972
  • Last Modified:

Viruses or spyware infiltrating an RDP session?

Is it possible for a remote user who is accessing a Terminal Server via RDP to have virus/spyware from their local computer infect the server they are logging into or have virus/spyware from the Terminal Server they are logged into infect their local PC? Assume there are no shared drives/mapped drives in the TS session. I know that while they are in their terminal session they could download 'bad' stuff and it could infect the server if not trapped.  As well I know they could minimize their terminal session and go out to the Internet directly through their PC and get the local PC infected. But can any virus/spyware jump from either the local desktop to the remote desktop or vice versa during a terminal session?
0
lineonecorp
Asked:
lineonecorp
4 Solutions
 
jenkinsmeCommented:
In theory anything is possible. However I have not heard of any viruses that are linked to RDP or any VNC client for that matter. They would need to somehow get the virus to transfer over the RDP port directly and would be very hard to "hide" that kind of virus.
0
 
Frosty555Commented:
I could imagine a virus that is basically an RDP client, just like the remote desktop client that comes with windows. Except it would connect to the server (provided it knew the credentials to use, possibly obtained via a keylogger or some other social engineering), then connect to the remote server and perform a set of actions that would cause the server to download and execute an infected file.

Or if the virus isn't specifically an RDP client, it could just wait for an RDP session to start, then take over the mouse/keyboard and cause the server to download/run an infected executable.

But wow that would be a longshot. It would be something very targeted, maybe a script a disgruntled employee might deploy. Certainly not something I've ever actually heard of in real life.
0
 
Mal OsborneAlpha GeekCommented:
I have seen several virii of late that infect USB keys, and autorun as soon as it is plugged in.  If you mapped drives in the RDP session, a virus on a USB key would have an easy way in.  These virii are certainly out there right now, and could certainly get in like that.
0
NEW Internet Security Report Now Available!

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out this quarters report on the threats that shook the industry in Q4 2017.

 
r-kCommented:
Theoretically, yes. Practically, this is very difficult, and the returns (for the virus writer) are slim, so I am not aware of any virus that attempts to exploit this.

The task for the virus writer is not easy. First, they have to infect the server. Next they have to find a way to infect the PC via the RDP connection, i.e. they have to discover and exploit some weakness in the RDP protocol and client. Finally, they have to live with the knowledge that relatively few PC's would get infected this way. It is just not worth their time considering how many easier ways exist to attack end-user PC's in other ways (such as email, web browsing, music sharing etc.)
0
 
Mal OsborneAlpha GeekCommented:
This common virus wouod have no problems infecting a Terminal Server, if the option to map USB drives is enabled:

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM%5FDELF%2ECFQ&VSect=P
0
 
Frosty555Commented:
This depends on if the terminal server has autoruns enabled for removable storage.

Personally, on all my computers I disable autorun, and I would expect any prudent administrator to do the same on their terminal server, if it isn't already disabled by default.

0
 
Mal OsborneAlpha GeekCommented:
Autorun is on by default.  
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now