Apple QuickTime 7.3 RTSP – CVE-2007-6166
A friend of mine, whose mom has her own private business, complained about her computer giving issues (drivers uninstalled by themselves). He himself also has some issues with his computer (despite a fresh install about a week ago). His PC is overheating on the north bridge and shutting down by itself. It is suspected that there might be cryptocurrency mining involved on the network computers.
The issues started after the LAN network was enabled a few days ago.
A network is used between the computers to transfer files and data.
A db_nmap scan was performed on the network and it was noted that Apple QuickTime 7.3 RTSP port 554 was open on all the Windows devices. After querying about the entire system, it was also noted that one individual is playing a lot of online games. It is suspected that something he installed on his computer infected the entire network (aimed at all Windows devices).
The LAN network was shut down as a first mitigation. The only computer which actually requires an active connection is the gaming PC anyway.
More research will be done on Apple QuickTime 7.3 RTSP – CVE-2007-6166. A quick reference does indicate that this vulnerability is used for arbitrary code injection.
The scan with db_nmap also revealed that, except for the “main” infected machine, all other machines had their Admin privileges revoked and all users only have guest access to their systems.