Turning the tables on “Windows Support” scammers by compromising their PCs

"Matt Weeks is one of the developers who contributes code to the open source Metasploit Project, a sprawling and continually updated security framework that functions as a repository for software vulnerabilities and is frequently used as a Swiss Army Knife for penetration testing. Weeks has published a long report on his site detailing how he was able to reverse-engineer the encrypted communications protocol used by Ammyy Admin, one of the most popular remote control apps used by tech support scammers, and then use that knowledge to ferret out a vulnerability in the Ammyy Admin application. Because Ammyy Admin uses the same binary on both the remote computer being controlled and the source computer doing the controlling, an exploit with the application has the potential to affect not just the target but also the source. Weeks figured that if he could sniff out a vulnerability in the application’s communications stack, he could use that vulnerability to execute code on the remote computer—in other words, to gain the same level of access on the scammer’s PC that the scammer tries to gain on the victim’s."

-- source: http://bit.ly/X4faGL

Cheers, Peter

--
Peter Reutemann, Dept. of Computer Science, University of Waikato, NZ
http://www.cms.waikato.ac.nz/~fracpete/
Ph. +64 (7) 858-5174