They look like Unicode + Code Red and Nimda attacks.
Regards,
-
Muhammad Faisal Rauf Danka
Chief Technology Officer
Gem Internet Services (Pvt) Ltd.
web: www.gem.net.pk
voice: 92-021-111-GEMNET
Vice President
Pakistan Computer Emergency Response Team (PakCERT)
web: www.pakcert.org
Hello all and forgive my ignorance in this area.
Hello
Below is a snippet from the logs. Can anyone tell by
looking at it:
1. What type of vulnerabilities were they looking for?
look downward
2. Does the fact that it says Rejected by urlscan imply that URLScan from M$ is
1) This is a code red v2 infection attempt.
Unfortunately web server admins are having to class these as just normal
background traffic. Please people - MAKE SURE YOU ARE PATCHED!
Looking for holes left by CR v1
GET /Rejected-By-UrlScan ~/scripts/root.exe 404 123 -
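
An added example, not part of the original thread: URLScan logs a blocked request under the stem /Rejected-By-UrlScan and puts the originally requested URL, prefixed with "~", in the query field, so the real target can be recovered and tallied. The field layout follows the snippet above; the labels, function names and all sample lines except the first are assumptions made for this illustration.

```python
import re
from collections import Counter

# Field order as in the thread's snippet: method, URI stem, URI query, status.
# Real IIS logs usually carry more columns; this layout is an assumption.
LINE_RE = re.compile(r"^(?P<method>[A-Z]+) (?P<stem>\S+) (?P<query>\S+) (?P<status>\d{3})\b")

# Hypothetical labels for request shapes commonly seen from worms of that era.
SIGNATURES = [
    ("root.exe backdoor probe", re.compile(r"/root\.exe", re.I)),
    ("cmd.exe via directory traversal", re.compile(r"(\.\.|%c0|%c1|%25|%5c).*cmd\.exe", re.I)),
    (".ida buffer overflow (Code Red style)", re.compile(r"\.ida\b", re.I)),
]

def original_url(stem, query):
    """Undo URLScan's rewrite: return (requested URL, was it blocked by URLScan)."""
    if stem.lower() == "/rejected-by-urlscan" and query.startswith("~"):
        return query[1:], True
    return stem, False

def classify(url):
    for label, pattern in SIGNATURES:
        if pattern.search(url):
            return label
    return "unclassified"

def summarize(lines):
    """Count (label, blocked_by_urlscan) pairs; benign unblocked hits are skipped."""
    counts = Counter()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not in the assumed layout
        url, blocked = original_url(m["stem"], m["query"])
        label = classify(url)
        if blocked or label != "unclassified":
            counts[(label, blocked)] += 1
    return counts

SAMPLE = [
    "GET /Rejected-By-UrlScan ~/scripts/root.exe 404 123 -",  # from the thread
    "GET /Rejected-By-UrlScan ~/scripts/..%255c../winnt/system32/cmd.exe 404 123 -",  # constructed
    "GET /default.ida NNNNNNNN 404 2 -",  # constructed: probe with no URLScan in front
    "GET /index.html - 200 0 -",  # constructed: ordinary request
]

if __name__ == "__main__":
    for (label, blocked), n in summarize(SAMPLE).items():
        print(f"{n:3d}  {'blocked' if blocked else 'reached IIS'}  {label}")
```

Probes that match a signature but were not rewritten by URLScan are the ones to look at first, since they reached IIS itself.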