06-20-2012 03:52 AM
I downloaded the nxserver remote desktop software for Linux (SUSE) and the nxclient for Windows 7 from a site claiming to be www.nomachine.com. The site was approved by Norton (green ticks) and the Windows installation files were given a clean bill of health by the NIS file scan. I installed and tested the remote desktop at home, in accordance with the instructions, and it appeared to be very efficient. The next day I downloaded the Windows client on another system and tested it remotely.
It seemed to update the desktop quickly, but the response to keyboard and mouse was very poor. When I looked at Resource Monitor the "client" was uploading data from the system at the maximum rate. I suspected foul play, disconnected immediately, and also got the remote machines disconnected.
When I got home, I connected the Windows system to the Internet, while observing Resource Monitor. The nxclient was not running on this machine (or not supposed to be). I saw "mail.nomachine.com" being accessed on the network. I went to check what programs were running, and found "dd" running. As dd is a Linux program for direct data copying (e.g. to the hard disk or BIOS firmware) I became very certain that the systems had been hacked. The nomachine program appeared to run under the Cygwin Linux emulation system on the Windows 7 system.
Later investigations indicated that my ADSL router could also have been hacked; I could not log in with my Admin password at the remote LAN/UPnP port 2800, but still could at the user port 80. Resetting the ADSL router allowed me to log into both.
I am therefore uncertain of the order of events; were my systems hacked earlier with the aid of the hacked router (redirecting to a fake nomachine.com site), or was the router hacked by remote access using the download from nomachine.com (which might have been compromised)?
Has anyone else had similar issues with software downloaded from nomachine.com?
Or can anyone with a "honeypot" virtual machine check it out?
07-25-2012 07:31 AM
NoMachine's software does not contain any code that transmits any data back to nomachine.com. As we build our code from scratch I can safely say that our code contains no viruses or malware. Also, dd is not included anywhere in our code base used for building NX Server or NX Client.