From: Matthew.BrownPREDICTIVE.COM
Date: Thu Aug 30 2001 - 11:08:44 CDT


    Gabor

    I've seen this in the wild at several of my clients before, but
    always with a 404. I've added it to my normal searches, but still just a
    bunch of 404s, even on minimally unpatched systems. All of which are
    IIS4/5. I remember reading about this vulnerability, but didn't expect to
    see the script kiddies trying it. All occurrences appear to be just an
    addition to their scripts.

    Thanks,
    Matthew Brown, CISSP

    Gabor Tokaji <gtokajiEMSD.HU>
    08/23/2001 02:39 PM
    Please respond to "Discussion regarding Windows-related security
    vulnerabilities and risks."

            To: win2ksecadviceLISTSERV.NTSECURITY.NET
            cc:
            Subject: Re: -- [ iSecureLabs BadBlue v1.02 beta for Windows 98, ME
    and 2000 Advisory ] --

    Does anybody know of a new worm taking rounds out there? I keep getting

    2001-08-23 16:37:51 x.x.x.x - x.x.x.x 80 GET /NULL.printer - 404 -

    requests more and more often. It began a couple of days ago. All machines
    sending these to mine are win2k machines. Doesn't look like kids probing -
    it looks more organized.

    G.

    _____________________________________________________________________
    ** TO UNSUBSCRIBE, send the command "UNSUBSCRIBE win2ksecadvice"
    ** FOR A WEEKLY DIGEST, send the command "SET win2ksecadvice DIGEST"
    SEND ALL COMMANDS TO: listservlistserv.ntsecurity.net
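
A log search of the kind described in the thread, as an added example that is not part of either message: it tallies `.printer` requests per client from IIS W3C logs and lists clients that received anything other than the 404 both posters report. The default field order, the function names and the sample lines are assumptions constructed for this example.

```python
from collections import defaultdict

# Field order assumed from the log line quoted in the thread; a real IIS
# W3C log declares its own order in a "#Fields:" header, honoured below.
DEFAULT_FIELDS = ["date", "time", "c-ip", "cs-username", "s-ip", "s-port",
                  "cs-method", "cs-uri-stem", "cs-uri-query", "sc-status",
                  "cs(User-Agent)"]

# Constructed sample lines (documentation-range addresses), not real traffic.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-username s-ip s-port cs-method cs-uri-stem cs-uri-query sc-status cs(User-Agent)
2001-08-23 16:37:51 192.0.2.10 - 198.51.100.5 80 GET /NULL.printer - 404 -
2001-08-23 16:38:02 192.0.2.10 - 198.51.100.5 80 GET /default.htm - 200 -
2001-08-23 17:01:13 192.0.2.44 - 198.51.100.5 80 GET /NULL.printer - 404 -
2001-08-24 03:12:40 192.0.2.10 - 198.51.100.5 80 GET /null.PRINTER - 500 -
truncated line
"""


def printer_probes(log_text):
    """Summarise requests whose URI stem ends in .printer, per client IP."""
    fields = list(DEFAULT_FIELDS)
    summary = defaultdict(lambda: {"hits": 0, "first": None, "last": None,
                                   "statuses": set()})
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # log states its own layout
            continue
        parts = line.split()
        if line.startswith("#") or len(parts) != len(fields):
            continue                           # directive or malformed line
        rec = dict(zip(fields, parts))
        if not rec.get("cs-uri-stem", "").lower().endswith(".printer"):
            continue
        entry = summary[rec.get("c-ip", "?")]
        stamp = rec.get("date", "") + " " + rec.get("time", "")
        entry["hits"] += 1
        entry["first"] = entry["first"] or stamp   # logs are chronological
        entry["last"] = stamp
        entry["statuses"].add(rec.get("sc-status", "?"))
    return dict(summary)


def needs_review(summary):
    """Clients that got anything other than 404 for a .printer request."""
    return sorted(ip for ip, e in summary.items() if e["statuses"] - {"404"})
```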
