[FSF India] Even more Annoying MS Worm
Rajkumar S.
raj@gnu.org.in
Wed, 19 Sep 2001 01:32:48 +0530 (IST)
Hi all,
While I was debugging a web program I noticed strange log entries in
my apache errorlog. like this
[Thu Sep 20 01:26:17 2001] [error] [client 202.88.131.133] File does
not exist: /var/www/scripts/..A ../winnt/system32/cmd.exe
[Thu Sep 20 01:26:17 2001] [error] [client 202.88.131.133] File does
not exist: /var/www/scripts/..A ../winnt/system32/cmd.exe
[Thu Sep 20 01:26:18 2001] [error] [client 202.88.131.133] File does
not exist: /var/www/scripts/..%5c../winnt/system32/cmd.exe
[Thu Sep 20 01:26:18 2001] [error] [client 202.88.131.133] File does
not exist: /var/www/scripts/..%2f../winnt/system32/cmd.exe
[Thu Sep 20 01:28:02 2001] [error] [client 202.88.151.7] File does not
exist: /var/www/scripts/root.exe
First I thought that that ass was trying to attack me. Later I found
in slashdot that this is a new even more dangerous worm exploiting the
Unicode Web Traversal Exploit of IIS.
More info see
http://www.sarc.com/avcenter/venc/data/pf/w32.nimda.a@mm.html
and btw, my error log is getting filled up Bast****!!
raj