This morning, when I turned on my monitor, my login screen was up. XP would not accept my password for my user account or my administrator account. After I ran a utility to reset the administrator password, I was able to log in. Once I did, I found Advanced Mass Sender on my computer. It appears that the hackers got in by brute force through Remote Desktop (RDP).
Am I correct that RDP has no defense against a brute force attack? There are options for servers, but this is a standalone machine running XP Pro. (The machine is scheduled for retirement, but it's not there yet.)
Based on what I can see, they got in at 6:20AM. I discovered the problem before 7:00AM. Since I had to leave for the office, I didn't get to spend much time investigating, but it looks like there are not any logs for Advanced Mass Sender. I don't care if it sent emails. My concern is what other information might have been stolen from the computer. Where would they get passwords?
The machine is offline until I can do more investigation. RDP will be disabled. I still need a way to access the machine from the office. TeamViewer is great, but I cannot install it on my office machine. That's why I used RDP. Is there a way to limit RDP to a certain IP address? What would you suggest?
Edited by hamluis, 10 August 2015 - 04:04 PM.
Moved from XP to Gen Security - Hamluis.