[Gllug] Code Blue

John Hearns john.hearns at framestore.co.uk
Tue Sep 18 15:45:18 UTC 2001


Looks like there is a new worm out there.
I've had several emails from securityfocus,
and also there's a thread on Slashdot.

We're being quite aggressively scanned at the moment,
for example:

193.96.228.56 - - [18/Sep/2001:14:52:05 +0100] "GET 
/MSADC/root.exe?/c+dir HTTP/1.0" 404 208
193.96.228.56 - - [18/Sep/2001:14:52:05 +0100] "GET 
/c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 218
193.96.228.56 - - [18/Sep/2001:14:52:05 +0100] "GET 
/d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 218
193.96.228.56 - - [18/Sep/2001:14:52:06 +0100] "GET 
/scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 232


So batten down the hatches, and warn your colleagues running IIS to get 
their systems patched...
or run Apache!



-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug




More information about the GLLUG mailing list