Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
From: Martin Knipper (Martinmk-os.de)
Date: Tue Sep 18 2001 - 11:18:49 CDT
Hi there !
I noticed this one too in my logfile since a couple of hours.
You can actually see the filesystem on the infected systems.
I did this by trying.
IP of the infected System
> -----Original Message-----
> From: michael.ryanstorm.ie [mailto:michael.ryanstorm.ie]
> Sent: Tuesday, September 18, 2001 5:16 PM
> To: suse-securitysuse.com
> Subject: Re: [suse-security] WEB IIS cmd exe requests
> It IS actually a scan for the CodeRed II backdoor
> See http://www.sarc.com/avcenter/venc/data/codered.ii.html
> To unsubscribe, e-mail: suse-security-unsubscribesuse.com
> For additional commands, e-mail: suse-security-helpsuse.com
-- To unsubscribe, e-mail: suse-security-unsubscribesuse.com For additional commands, e-mail: suse-security-helpsuse.com