Re: [suse-security] WEB IIS cmd exe requests
It IS actually a scan for the CodeRed II backdoor
See http://www.sarc.com/avcenter/venc/data/codered.ii.html

Michael
Hi there!

I have noticed this one too in my logfile for a couple of hours. You can actually see the filesystem on the infected systems. I did this by trying.

http://62.226.140.119/_vti_bin/..%255c../..%255c../..%255c../winnt/system32/.... exe?/c+dir
       ^^^^^^^^^^^^^^
       IP of the infected System

Greetings
Martin
-----Original Message-----
From: michael.ryan@storm.ie [mailto:michael.ryan@storm.ie]
Sent: Tuesday, September 18, 2001 5:16 PM
To: suse-security@suse.com
Subject: Re: [suse-security] WEB IIS cmd exe requests
It IS actually a scan for the CodeRed II backdoor
See http://www.sarc.com/avcenter/venc/data/codered.ii.html
Michael
--
To unsubscribe, e-mail: suse-security-unsubscribe@suse.com
For additional commands, e-mail: suse-security-help@suse.com
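Added example, not part of any message in this thread: one way to pick the requests discussed above out of a web server access log, by percent-decoding each request until it is stable (so that %255c resolves to a backslash) and then checking for directory traversal and a shell executable called with ?/c+. The log lines, client addresses and the names inspect and fully_decode are constructed for the illustration.

```python
import re
from urllib.parse import unquote

# Constructed access-log lines (Common Log Format, documentation IPs); not from the thread.
SAMPLE_LOG = [
    '192.0.2.10 - - [18/Sep/2001:17:02:11 +0200] "GET /_vti_bin/..%255c../..%255c../'
    '..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 284',
    '192.0.2.10 - - [18/Sep/2001:17:02:12 +0200] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 271',
    '198.51.100.7 - - [18/Sep/2001:17:03:40 +0200] "GET /docs/my%20file.html HTTP/1.0" 200 5120',
]

REQUEST = re.compile(r'^(\S+) .*?"(?:GET|HEAD|POST) (\S+)')
# cmd.exe is the shell named in the subject line; root.exe is the copy of it
# that CodeRed II leaves in web-reachable directories.
SHELL_EXE = re.compile(r'/(?:cmd|root)\.exe\?/c\+', re.IGNORECASE)


def fully_decode(url, max_rounds=5):
    """Percent-decode until stable, so %255c -> %5c -> backslash. Returns (text, rounds)."""
    rounds = 0
    while rounds < max_rounds:
        decoded = unquote(url)
        if decoded == url:
            break
        url, rounds = decoded, rounds + 1
    return url, rounds


def inspect(line):
    """Return (client, reasons) for a probe-like request, or None for anything else."""
    m = REQUEST.match(line)
    if not m:
        return None
    client, raw = m.groups()
    decoded, rounds = fully_decode(raw)
    path = decoded.replace('\\', '/')  # Windows accepts both separators
    reasons = []
    if rounds > 1:
        reasons.append('double-encoded')
    if '../' in path:
        reasons.append('traversal')
    if SHELL_EXE.search(path):
        reasons.append('shell-exe')
    return (client, reasons) if reasons else None


if __name__ == '__main__':
    for entry in SAMPLE_LOG:
        print(inspect(entry))
```

On a non-IIS server these requests end in 404, so a hit identifies the scanning client rather than a problem on the local host.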
People,

Please don't post HTML, esp. as an attachment... It won't be included in the archive and it almost guarantees that your post won't be read.

Thanks,
--
-ckm
 ________________________________________
/ Please read RFC 1855                   \
\________________________________________/
        \   ^__^
         \  (xx)\_______
            (__)\       )\/\
             <> ||----w |
                ||     ||
participants (4)
- Christopher Mahmood
- Hansueli Schwaninger
- Martin Knipper
- michael.ryan@storm.ie