|
Security Incidents
mailing list archives
Script I haven't seen? Or human directed?
From: "Keith T. Morgan" <keith.morgan () terradon com>
Date: Thu, 7 Nov 2002 09:18:13 -0500
We recieved several "code red" style probes for cmd.exe and the like. The probes used the typical method of searching
for all default IIS +execute permissioned directories. However, some of the details of the GET requests, I haven't
seen before today. Here's an example GET.
http://216.12.96.114/scripts/boo.bat/..%C1%9C..%C1%9C..%C1%9C..%C1%9C.%C1%9C..%C1%9C..%C1%9Cwinnt/system32/cmd.exe?/c+echo+MinhaNossaSenhoraDoPerpetuoSocorro
I haven't seen requests for a boo.bat. I also haven't seen this particular echo command that was common to all of the
requests for cmd.exe. Every one of them attempted to echo "MinhaNossaSenhoraDoPerpetuoSocorro"
Some new script? Has anyone else seen these?
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
 By Date 
By Thread
Current thread:
- Script I haven't seen? Or human directed? Keith T. Morgan (Nov 07)
|
Intro
