Unmanarc Remote Control Server (URCS) Detection

Critical Nessus Plugin ID 15405

Synopsis

The remote host may have been compromised.

Description

This host appears to be running Unmanarc Remote Control Server (URCS). URCS has some legitimate uses, but it may also have been installed silently as a backdoor, which may allow an intruder to gain remote access to files on the remote system. If this program was not installed for remote management, the remote host has been compromised.

An attacker may use it to steal files and passwords, or to redirect ports on the remote system to launch other attacks.

Solution

Unless URCS is intended to be installed, reinstall the operating system and restore files from backup.

See Also

http://sourceforge.net/projects/urcs

http://www.nessus.org/u?ddf2497d

http://www.nessus.org/u?43608c3f

Plugin Details

Severity: Critical

ID: 15405

File Name: JM_urcs.nasl

Version: $Revision: 1.19 $

Type: remote

Family: Backdoors

Published: 2004/10/01

Modified: 2013/01/30

Dependencies: 11153

Risk Information

Risk Factor: Critical

CVSSv2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C