Some time in early 2000s I was following FXP boards and playing with scanning open ports on IP ranges.<p>Remote-Anything was quite a common way to gain access to someone's computer and turn it into a pubstro.<p>A lot of people back then were running Windows XP without any password, which meant RA could be used by anyone to connect to their computer and do anything there (for example playing solitaire or displaying "Hello, I am your computer and I just gain conciousness" alert).<p>I believe a lot of people didn't even know they had RA installed on their computers and running there. It was a nightmare from security standpoint.
The actual reports show that the tool was being used maliciously. People had no idea that their machine had a RAT installed, so of course AV vendors would take action.<p><a href="http://remote-anything.com/McAfee_ThreatProfile_RemAdm-RemoteAnythng!ACC3854B5775_2013-12-11.png" rel="nofollow">http://remote-anything.com/McAfee_ThreatProfile_RemAdm-Remot...</a><p><a href="http://remote-anything.com/Kaspersky_not-a-virus_RemoteAdmin.Win32.RA.5130_2013-12-11.png" rel="nofollow">http://remote-anything.com/Kaspersky_not-a-virus_RemoteAdmin...</a>
Reminds me of SlimFTPd. A small, efficient, freeware (now BSD licensed) FTP daemon for Windows that got used for malware purposes, found it's way on to AV lists, and now can't be used.<p><a href="http://www.whitsoftdev.com/slimftpd/" rel="nofollow">http://www.whitsoftdev.com/slimftpd/</a>
Is there a place I can readup on the remote-anything architecture? I see there's a master and slave -- do all the slaves dial out to the master and all slave-to-slave communication go through the master (like a turn server), or is it doing something more clever? In that case the master must be configured to accept connections
... It was marked as a virus because it was commonly being used to RAT machines. Cool software, but the response from AVs was entirely warranted.<p>What a misleading writeup.