RE: Nimda

Subject: RE: Nimda
From: fulghum, matt (matt2@bcc.cba.ua.edu)
Date: Fri Sep 21 2001 - 13:34:07 MDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Next message: Brian Watson: "Re: Nimda"
• Previous message: Brian Watson: "Nimda"
• Maybe in reply to: Brian Watson: "Nimda"
• Next in thread: Brian Watson: "Re: Nimda"
• Maybe reply: fulghum, matt: "RE: Nimda"

Yep.

-----Original Message-----
From: Brian Watson [mailto:bcwatso1@uiuc.edu]
Sent: Friday, September 21, 2001 2:30 PM
To: yellowdog-general@lists.yellowdoglinux.com
Subject: Nimda

24.129.1.10 - - [18/Sep/2001:13:11:31 -0400] "GET
/scripts/root.exe?/c+dir HTTP$
24.129.1.10 - - [18/Sep/2001:13:11:31 -0400] "GET
/MSADC/root.exe?/c+dir HTTP/1$
24.129.1.10 - - [18/Sep/2001:13:11:32 -0400] "GET
/c/winnt/system32/cmd.exe?/c+$
24.129.1.10 - - [18/Sep/2001:13:11:33 -0400] "GET
/d/winnt/system32/cmd.exe?/c+$
24.129.1.10 - - [18/Sep/2001:13:11:34 -0400] "GET
/scripts/..%255c../winnt/syst$
24.129.1.10 - - [18/Sep/2001:13:11:34 -0400] "GET
/_vti_bin/..%255c../..%255c..$
24.129.1.10 - - [18/Sep/2001:13:11:35 -0400] "GET
/_mem_bin/..%255c../..%255c..$

Is this a Nimda infected machine?

--Brian

• Next message: Brian Watson: "Re: Nimda"
• Previous message: Brian Watson: "Nimda"
• Maybe in reply to: Brian Watson: "Nimda"
• Next in thread: Brian Watson: "Re: Nimda"
• Maybe reply: fulghum, matt: "RE: Nimda"

This archive was generated by hypermail 2a24 : Fri Sep 21 2001 - 12:42:12 MDT