
Trojans, Passwords, Connection Files and Encryption

Posted: Thu Mar 21, 2013 12:11 pm
by rmcardle
You may have heard news recently of a Trojan which targets saved passwords stored in mRemote (but not mRemoteNG) connection files.

http://blogs.mcafee.com/mcafee-labs/sou ... ve-malware
http://www.symantec.com/connect/blogs/r ... ber-attack

By default, mRemoteNG encrypts the passwords in your connection files with a standard password that is hard coded into the program. This obscures the passwords from casual snooping but still allows the connection files to be used and shared easily.

To protect yourself against threats like Trojan.Jokra, you can encrypt the passwords in your mRemoteNG connection files with your own password instead of the standard password. This will make it significantly harder for your passwords to be decrypted and is quite easy to do.

  • Open mRemoteNG.
  • Open the connection file you would like to protect.
  • Select the root "Connections" entry with the globe icon in the Connections panel tree.
  • In the Config panel, change "Password protect" to "Yes".
  • Enter your password (or passphrase) twice and click OK.

As an additional measure, you can further protect your connection file by having mRemoteNG encrypt the entire file, instead of just the passwords within the file. You might want to do this if you are worried about IP addresses or hostnames being revealed or if you have sensitive information in the Name, Description, or User Field fields.

  • Password protect the connection file as above.
  • Go to Tools->Options->Advanced.
  • Check "Completely encrypt connection file" and click "OK".

Be aware that mRemoteNG keeps several backups of your connection files and this won't protect backups that were made before you password protected your connection file. If you are using the default connection file (confCons.xml), these backups will be located in the following folder:

Code:
%USERPROFILE%\AppData\Roaming\mRemoteNG

The backups are named as follows:

Code:
confCons.xml.[Timestamp].backup
confCons.xml.backup
confCons.xml_BAK

You should delete these backups or move them to a secure location. After password protecting your connection file, all future backups will be protected as well.

mRemoteNG uses standard encryption APIs implemented by the .NET Framework. Since mRemoteNG is open source, the source code is freely available on GitHub for you to audit.

https://github.com/rmcardle/mRemoteNG

If you have any questions or concerns, please let me know.
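The backup cleanup described in the post above, as an added example that is not part of the original post or of mRemoteNG: a PowerShell script that lists the backup files named in the post and flags those last written before the time you enabled password protection. The parameter names `ProtectedSince`, `MoveTo` and `Apply` are hypothetical, and using the file's last-write time to decide whether a backup predates protection is an assumption.

```powershell
# Added example (not mRemoteNG code): find connection-file backups that may
# still be protected only by the standard password.
param(
    # Assumption: the time you set "Password protect" to "Yes".
    [Parameter(Mandatory = $true)][datetime]$ProtectedSince,
    # Hypothetical secure destination folder; nothing is moved unless it is given.
    [string]$MoveTo,
    # Without -Apply the move is only previewed (-WhatIf).
    [switch]$Apply
)

# Default backup folder for confCons.xml, as given in the post.
$dir = Join-Path $env:USERPROFILE 'AppData\Roaming\mRemoteNG'
if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
    Write-Warning "Folder not found: $dir"
    return
}

# The three backup name forms listed in the post.
$backups = Get-ChildItem -LiteralPath $dir -File | Where-Object {
    $_.Name -like 'confCons.xml.*.backup' -or
    $_.Name -eq   'confCons.xml.backup'   -or
    $_.Name -eq   'confCons.xml_BAK'
}

# Heuristic: a backup last written before protection was enabled is treated
# as unprotected and should be deleted or moved.
$report = foreach ($f in $backups) {
    [pscustomobject]@{
        Name               = $f.Name
        LastWriteTime      = $f.LastWriteTime
        PredatesProtection = ($f.LastWriteTime -lt $ProtectedSince)
        FullName           = $f.FullName
    }
}
$report | Sort-Object LastWriteTime |
    Format-Table Name, LastWriteTime, PredatesProtection -AutoSize

if ($MoveTo) {
    if (-not (Test-Path -LiteralPath $MoveTo -PathType Container)) {
        Write-Warning "Destination folder not found: $MoveTo"
        return
    }
    $report | Where-Object { $_.PredatesProtection } | ForEach-Object {
        Move-Item -LiteralPath $_.FullName -Destination $MoveTo -WhatIf:(-not $Apply)
    }
}
```

If you keep connection files outside the default folder, their backups are not covered by this script.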

Re: Trojans, Passwords, Connection Files and Encryption

Posted: Thu Mar 21, 2013 2:49 pm
by jeffreyklassen
Awesome, thank you. I was reading my RSS feeds today and read about the issue on hackernews.com. I was kinda surprised to see mRemote targeted but it made me think I may have to finally move on, until I discovered this fork. I think it's great you are keeping it going.

Thanks again.

Re: Trojans, Passwords, Connection Files and Encryption

Posted: Sun Mar 24, 2013 11:23 pm
by Mozez
Nice one, thanks!

Re: Trojans, Passwords, Connection Files and Encryption

Posted: Mon Mar 25, 2013 1:57 am
by DVT_Sogh
French translation of this topic in the French Subforum : viewtopic.php?f=13&t=1940