This is the Nimda virus.

Andrew H. Turner <[EMAIL PROTECTED]>
703.284.4771  Pager: 877.580.7432
BBN Technologies, a Verizon company
1300 N. 17th Street, Suite 1200
Arlington, Virginia 22209

-----Original Message-----
From: Ryan Ratkiewicz [mailto:[EMAIL PROTECTED]]
Sent: Thursday, November 15, 2001 1:18 PM
To: [EMAIL PROTECTED]
Subject: IIS Hack Attempt


Can someone help me decipher this?
 
11:30:48 207.217.205.149 GET /scripts/root.exe 404
11:30:48 207.217.205.149 GET /MSADC/root.exe 404
11:30:49 207.217.205.149 GET /c/winnt/system32/cmd.exe 404
11:30:49 207.217.205.149 GET /d/winnt/system32/cmd.exe 404
11:30:49 207.217.205.149 GET /scripts/..%5c../winnt/system32/cmd.exe 500
11:30:49 207.217.205.149 GET /_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe 404
11:30:50 207.217.205.149 GET /_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe 404
11:30:50 207.217.205.149 GET /msadc/..%5c../..%5c../..%5c/..Á../..Á../..Á../winnt/system32/cmd.exe 500
11:30:50 207.217.205.149 GET /scripts/..Á../winnt/system32/cmd.exe 500
11:30:50 207.217.205.149 GET /scripts/winnt/system32/cmd.exe 404
11:30:51 207.217.205.149 GET /winnt/system32/cmd.exe 404
11:30:51 207.217.205.149 GET /winnt/system32/cmd.exe 404
11:30:51 207.217.205.149 GET /scripts/..%5c../winnt/system32/cmd.exe 500
11:30:51 207.217.205.149 GET /scripts/..%5c../winnt/system32/cmd.exe 500
11:30:52 207.217.205.149 GET /scripts/..%5c../winnt/system32/cmd.exe 500
11:30:52 207.217.205.149 GET /scripts/..%2f../winnt/system32/cmd.exe 500
 
Thanks.
 
 

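One way to triage a log like the one quoted above, as an added example that is not part of the original thread: the script percent-decodes each requested URI, labels the root.exe and cmd.exe probes per client IP, and lists any probe the server answered with a 2xx status. The 192.0.2.10 line is constructed; the label names and the 2xx check are assumptions of this example.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Log format as posted in the thread: time, client IP, method, URI, status.
LINE = re.compile(r"^(\d\d:\d\d:\d\d) (\S+) (\S+) (\S+) (\d{3})$")

# Lines taken from the quoted log, plus one constructed benign request (last line).
SAMPLE = """\
11:30:48 207.217.205.149 GET /scripts/root.exe 404
11:30:48 207.217.205.149 GET /MSADC/root.exe 404
11:30:49 207.217.205.149 GET /c/winnt/system32/cmd.exe 404
11:30:49 207.217.205.149 GET /scripts/..%5c../winnt/system32/cmd.exe 500
11:30:49 207.217.205.149 GET /_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe 404
11:30:52 207.217.205.149 GET /scripts/..%2f../winnt/system32/cmd.exe 500
11:31:02 192.0.2.10 GET /default.htm 200
""".splitlines()

def classify(uri):
    """Return a label (names chosen for this example) for a probe, or None."""
    # %5c decodes to a backslash and %2f to a slash; treat both as separators.
    path = unquote(uri).replace("\\", "/").lower()
    if path.endswith("/root.exe"):
        return "root.exe probe"
    if path.endswith("/cmd.exe"):
        return "cmd.exe via traversal" if "/../" in path else "cmd.exe direct path"
    return None

def scan(lines):
    """Count probe labels per client IP and collect probes answered with 2xx."""
    hits, served = {}, []
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue  # wrapped or malformed line: skip rather than guess
        _time, ip, _method, uri, status = m.groups()
        label = classify(uri)
        if label is None:
            continue
        hits.setdefault(ip, Counter())[label] += 1
        if status.startswith("2"):  # the server served the request: investigate
            served.append((ip, uri))
    return hits, served

if __name__ == "__main__":
    hits, served = scan(SAMPLE)
    for ip, counts in hits.items():
        print(ip, dict(counts))
    print("probes answered 2xx:", served or "none")
```

In the quoted log every probe returned 404 or 500, so the second list comes back empty.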