Re: NETCAT?!?

John Hyde <EJHyd@xxxxxxxxxxxx> writes:

> I ran Adaware on my laptop (XP Home)and it identified NetCat (found in
> c:\\windows\nc.exe) as a "Critical Object". In looking it up, i find
> that it is a powerful tool, but not malware per se. Is there a reason
> I should have this on my system? Is it really a risk? any thoughts
> appreciated.

If you did not put nc there, your concern should be how did it get
there?! It's commonly something an attacker will get on your
machine one way or another. It has a variety of uses.

One of the more popular is that it can be used to trivially leave a
port listening on a shell on your system (nc -l -p XXXX -t -e cmd.exe)
such that someone can nc your.ip.address XXXX (where XXXX is a port
number of the attacker's choosing) and voila, your windows command
shell is available on the attacker's machine. Files can be moved
around with netcat, and other such stuff.

In your position, I'd be looking hard for other signs of intrusion, or
being safe and reinstalling the OS from original media.


--
Todd H.
http://www.toddh.net/
.