Security Incidents
mailing list archives
Re: New IIS exploit tool? Has anyone seen this pattern before?
From: "CT" <ct () arnet com ar>
Date: Tue, 30 Oct 2001 13:51:52 -0300
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
The new version of Nimda (Nimda.E) scans like this.
Best Regards.
CyRaNo
http://www.sarc.com/avcenter/venc/data/w32.nimda.e@mm.html
- ----- Original Message -----
From: "Thomas Haeberlen" <Haeberlen () RUS Uni-Stuttgart DE>
To: <incidents () securityfocus com>
Sent: Tuesday, October 30, 2001 8:47 AM
Subject: New IIS exploit tool? Has anyone seen this pattern before?
Hello everybody,
has anyone seen this pattern of IIS attacks before? Could this be a
new exploit tool or something like "nimda2"? On the other hand it
seems that it is only trying the long known holes...
------------------------------- snip ----------------------------------
195.13.121.101 - - [30/Oct/2001:11:43:40 +0100] "GET /scripts/root.exe?/c+dir+C:\ HTTP/1.0" 404 210 "-" "-"
195.13.121.101 - - [30/Oct/2001:11:43:40 +0100] "GET /scripts/..%255c..%255cwinnt/
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>
iQA/AwUBO97aonmlmOefWqOmEQJgjgCgnNFJm4ZB00LEfap5REwGckYrlnoAoJdt
t9waLRWayOdQYjpx00yEY0TY
=SQ3J
-----END PGP SIGNATURE-----
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
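
One way to flag the two request shapes quoted in the log excerpt above, as an added example that is not part of the original thread: it parses Apache combined-format lines, labels requests for root.exe and double-URL-encoded `..\` traversals, and groups them by source address. The sample lines are constructed (documentation-range addresses, and only the path prefix visible in the excerpt), and the function names are this example's own.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Constructed sample in the combined log format quoted in the thread.
# Addresses are documentation-range placeholders; the traversal path is
# only the prefix visible in the excerpt. The last line is a benign control.
SAMPLE_LOG = r'''192.0.2.10 - - [30/Oct/2001:11:43:40 +0100] "GET /scripts/root.exe?/c+dir+C:\ HTTP/1.0" 404 210 "-" "-"
192.0.2.10 - - [30/Oct/2001:11:43:40 +0100] "GET /scripts/..%255c..%255cwinnt/ HTTP/1.0" 404 220 "-" "-"
192.0.2.77 - - [30/Oct/2001:11:44:02 +0100] "GET /index.html HTTP/1.0" 200 1456 "-" "-"
192.0.2.77 - - [30/Oct/2001:11:44:05 +0100] "GET /docs/100%25-coverage.html HTTP/1.0" 200 880 "-" "-"
'''

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (.*?) (HTTP/[\d.]+)" (\d{3}) ')
TRAVERSAL = re.compile(r"\.\.[\\/]")  # "../" or "..\" after decoding


def classify(target):
    """Return the probe labels that apply to one request target."""
    labels = []
    if target.split("?", 1)[0].lower().endswith("/root.exe"):
        labels.append("root.exe-probe")
    once = unquote(target)   # what a single URL-decoding pass yields
    twice = unquote(once)    # a second pass turns %255c -> %5c -> backslash
    if once != twice and TRAVERSAL.search(twice):
        labels.append("double-encoded-traversal")
    elif TRAVERSAL.search(once):
        labels.append("traversal")
    return labels


def scan(log_text):
    """Map source IP -> [(timestamp, label, status)] for flagged requests."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format request line
        ip, ts, _method, target, _proto, status = m.groups()
        for label in classify(target):
            hits[ip].append((ts, label, int(status)))
    return dict(hits)


def multi_probe_sources(hits):
    """Sources that tried more than one distinct probe type."""
    return sorted(ip for ip, rows in hits.items() if len({r[1] for r in rows}) > 1)


if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for ip in multi_probe_sources(found):
        print(ip, found[ip])
```

The recorded status is kept with each hit because it separates probes the server rejected (404 in the excerpt) from ones that need follow-up.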