Heh, as Nat maybe saw, the worm doesn't always request ?/c+dir, so until I
can figure out a better way to identify it we'll have to go with
cmd.exe|root.exe
So my httpd.conf is now:
<Location /default.ida>
SetHandler perl-script
PerlHandler Apache::MSIISProbes
PerlSetVar worm_name CodeRed
</Location>
<LocationMatch (cmd.exe|root.exe)>
SetHandler perl-script
PerlHandler Apache::MSIISProbes
PerlSetVar worm_name Nimda
</LocationMatch>
~~~~~~~~~~~
Nick Tonkin
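
An added example, not part of the original post: a Python sketch that applies the two rules from the httpd.conf above to access-log lines, modelling Apache's matching on the URL path only (query string excluded). The log lines are constructed, Common Log Format is assumed, and `NIMDA_STRICT_RE` is an assumed escaped variant shown to contrast with the posted pattern, whose `.` matches any character.

```python
import re
from collections import Counter

# Rules from the posted httpd.conf; simplified model of <Location>/<LocationMatch>.
CODERED_PREFIX = "/default.ida"
NIMDA_RE = re.compile(r"(cmd.exe|root.exe)")            # as posted: '.' is a wildcard
NIMDA_STRICT_RE = re.compile(r"(cmd\.exe|root\.exe)")   # assumption: dots escaped

# Common Log Format: host ident user [time] "METHOD target PROTO" status bytes
CLF_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(\S+) (\S+)[^"]*" \d{3} \S+')

def classify(target, nimda_re=NIMDA_RE):
    """Return the worm_name the config would assign to a request target, or None."""
    path = target.split("?", 1)[0]   # the query string (?/c+dir) is not matched
    if path == CODERED_PREFIX or path.startswith(CODERED_PREFIX + "/"):
        return "CodeRed"
    if nimda_re.search(path):        # unanchored, like LocationMatch
        return "Nimda"
    return None

def tally(lines, nimda_re=NIMDA_RE):
    """Count probes per (client host, worm name); unparsable lines are skipped."""
    hits = Counter()
    for line in lines:
        m = CLF_RE.match(line)
        if not m:
            continue
        host, _method, target = m.groups()
        worm = classify(target, nimda_re)
        if worm:
            hits[(host, worm)] += 1
    return hits

# Constructed sample log lines (documentation address ranges, made-up paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [18/Sep/2001:10:00:01 -0700] "GET /default.ida?XXXX HTTP/1.0" 404 276',
    '198.51.100.7 - - [18/Sep/2001:10:00:02 -0700] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 276',
    '198.51.100.7 - - [18/Sep/2001:10:00:03 -0700] "GET /scripts/cmd.exe HTTP/1.0" 404 276',
    '203.0.113.5 - - [18/Sep/2001:10:00:04 -0700] "GET /docs/cmd_exe.html HTTP/1.0" 200 512',
    '203.0.113.5 - - [18/Sep/2001:10:00:05 -0700] "GET /index.html HTTP/1.0" 200 1024',
    '203.0.113.9 - - [18/Sep/2001:10:00:06 -0700] "-" 408 -',
]

if __name__ == "__main__":
    for label, rx in (("posted", NIMDA_RE), ("escaped", NIMDA_STRICT_RE)):
        print(label, dict(tally(SAMPLE_LOG, rx)))
```

With the posted pattern the ordinary page `/docs/cmd_exe.html` is counted as a Nimda probe; the escaped variant leaves it alone while still catching requests that lack `?/c+dir`.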
