Hello,
I need some help with the following messages that have appeared in my
CacheFlow access log file.
200.xxx.xxx.xxx TCP_ERR_MISS/301 162 GET http://www/scripts/..%%35c../winnt/system32/cmd.exe?/c+dir - DIRECT/- -
200.xxx.xxx.xxx TCP_ERR_MISS/301 162 GET http://www/scripts/root.exe?/c+dir - DIRECT/- -
What are these messages supposed to mean? They came from dozens of different
IP addresses.
Also there are several .ida request messages like this:
200.xxx.xxx.xxx TCP_ERR_MISS/503 2874 GET
http://200.xxx.xxx.xxx/default.ida?XXXXX... XXXXXXXXXXXX
XXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190
%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a - DIRECT/- -
Now, in this case... the first IP address is the one that is infected with
Code Red, right?
And the second one is the host that it is trying to infect? So... if the second
one is not a machine
running IIS, those messages don't really matter, right?
Thanks,
Walter
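
Added example, not part of the original message: a Python triage of access log lines like the ones quoted above, assuming the squid-style field order those lines show (client address first, then result/status, bytes, method, URL). The sample lines are constructed with documentation-range addresses, and the signature labels are this example's own names.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Patterns for the three request shapes quoted in the message (labels are hypothetical).
SIGNATURES = {
    "ida_overflow": re.compile(r"/default\.ida\?.*%u[0-9a-f]{4}", re.I),
    "root_exe": re.compile(r"/root\.exe\?", re.I),
    "cmd_exe_traversal": re.compile(r"\.\.%.*/cmd\.exe\?", re.I),
}

# Constructed sample lines in the quoted format; addresses are documentation ranges.
SAMPLE_LOG = [
    "192.0.2.10 TCP_ERR_MISS/301 162 GET http://www/scripts/..%%35c../winnt/system32/cmd.exe?/c+dir - DIRECT/- -",
    "192.0.2.10 TCP_ERR_MISS/301 162 GET http://www/scripts/root.exe?/c+dir - DIRECT/- -",
    "192.0.2.44 TCP_ERR_MISS/503 2874 GET http://198.51.100.20/default.ida?XXXXXXXX%u9090%u6858%ucbd3%u7801 - DIRECT/- -",
    "192.0.2.77 TCP_MISS/200 5120 GET http://example.com/index.html - DIRECT/example.com text/html",
    "192.0.2.45 TCP_ERR_MISS/301 162 GET http://www/scripts/root.exe?/c+dir - DIRECT/- -",
]

def parse_line(line):
    """Split one log line; field order is assumed from the quoted lines."""
    parts = line.split()
    if len(parts) < 5 or "/" not in parts[1]:
        return None  # wrapped or truncated line
    result, _, status = parts[1].partition("/")
    return {"client": parts[0], "result": result, "status": status,
            "method": parts[3], "url": parts[4]}

def classify(url):
    """Return the label of the first matching signature, or None."""
    for label, pattern in SIGNATURES.items():
        if pattern.search(url):
            return label
    return None

def summarize(lines):
    """Group matching requests: who sent them (client) and which host they asked for."""
    report = defaultdict(lambda: {"sources": set(), "targets": set()})
    for line in lines:
        rec = parse_line(line)
        label = classify(rec["url"]) if rec else None
        if label:
            report[label]["sources"].add(rec["client"])
            report[label]["targets"].add(urlsplit(rec["url"]).hostname)
    return dict(report)

if __name__ == "__main__":
    for label, hit in summarize(SAMPLE_LOG).items():
        print(label, "sources:", sorted(hit["sources"]), "targets:", sorted(hit["targets"]))
```

The `sources` set is the list of requesting clients to follow up on, and `targets` shows which hosts the requests were addressed to.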