From: Dan Kegel
Date: Wed, 28 Jun 2017 22:13:00 -0000
Subject: Re: XLanuch.exe is a Trojan-It allows remote control of my pc without my knowledge or permission
To: cygwin@cygwin.com
Cc: Erik Soderquist

On Wed, Jun 28, 2017 at 3:02 PM, wrote:
> I would also think about X11 permissions.  Someone might be scanning
> for activity on port 6000 (&c) and if they find something and it's not
> locked down (see for example 'xhost(1)') it's trivial to just launch
> X11 apps on your system which can cause all sorts of mischief.

Also note that Xlaunch starts the X server, and can supply the
commandline option needed to listen for connections on TCP.
Maybe you put that in by accident while following some tutorial?

It'd be interesting to see who's trying to connect to your machine
via port 6000.  Maybe run wireshark and listen for a while?
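
Added example, not part of the message above: a quick check of whether an X server is reachable over TCP and which remote hosts currently hold connections to it. It assumes the column layout of Windows `netstat -an` output (which is what runs from a Cygwin shell); the function names `x11_tcp_report` and `sample_netstat` and the sample data are constructed for illustration.

```sh
# Added example. Reads Windows `netstat -an` text on stdin and reports X11
# TCP exposure. X display :N uses TCP port 6000+N; displays :0-:63 are checked.
x11_tcp_report() {
    awk '
    function split_hostport(hp,    parts, n) {   # sets globals HOST and PORT
        n = split(hp, parts, ":")
        PORT = parts[n]
        HOST = substr(hp, 1, length(hp) - length(PORT) - 1)
    }
    function is_loopback(h) { return (h ~ /^127\./ || h == "[::1]") }
    { sub(/\r$/, "") }                            # tolerate CRLF line endings
    toupper($1) == "TCP" {
        split_hostport($2); lhost = HOST; lport = PORT + 0
        if (lport < 6000 || lport > 6063) next
        state = toupper($NF)
        if (state == "LISTENING") {
            scope = is_loopback(lhost) ? "loopback-only" : "network-reachable"
            printf "LISTEN display=:%d addr=%s %s\n", lport - 6000, lhost, scope
        } else if (state == "ESTABLISHED") {
            split_hostport($3)   # remote end of a live connection to the X port
            if (!is_loopback(HOST))
                printf "PEER display=:%d from=%s\n", lport - 6000, HOST
        }
    }'
}

# Constructed sample input (documentation addresses), not from a real host.
sample_netstat() {
    cat <<'EOF'
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:6000           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:6001         0.0.0.0:0              LISTENING
  TCP    192.168.1.20:6000      203.0.113.7:51544      ESTABLISHED
  TCP    127.0.0.1:6000         127.0.0.1:49802        ESTABLISHED
  TCP    [::]:6000              [::]:0                 LISTENING
  UDP    0.0.0.0:6000           *:*
EOF
}

sample_netstat | x11_tcp_report
```

On a live host, feed it with `netstat -an | x11_tcp_report`. It sees only connections established at that moment, so brief or refused connection attempts still need a packet capture.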