http://www.onlamp.com/pub/a/apache/2001/08/16/code_red.html
Freshmeat and Google will turn up a bunch of them .. On Thu, 2 Jan 2003, A Page in the Life of ... wrote: > -=> From: Betsy Schwartz <[EMAIL PROTECTED]> > -=> > -=> That's the Code Red worm which caused so much fuss last year. Won't hurt > -=> your Unix server any. You may wish to let the scanning address's owner know > -=> that they're infected though > > Has anyone written a log-parser that walks the logs, finds those lines > (possibly strips them out) and contacts webmaster or the like at the > originating addresses? Or, being windows boxes, is it likely that they > didn't set up those addreses, and it would just be frustraiting? > > -dkap > > -=> At 10:00 AM 1/2/2003 -0500, Dima wrote: > -=> > -=> >66.189.100.35 - - [02/Jan/2003:08:08:31 -0500] "GET > -=> >/scripts/root.exe?/c+dir HTTP/1.0" 404 282 > -=> >66.189.100.35 - - [02/Jan/2003:08:08:31 -0500] "GET /MSADC/root.exe?/c+dir > -=> >HTTP/1.0" 404 280 > -=> > -=> > -=> --- > -=> Send mail for the `bblisa' mailing list to `[EMAIL PROTECTED]'. > -=> Mail administrative requests to `[EMAIL PROTECTED]'. > -=> > > > --- > Send mail for the `bblisa' mailing list to `[EMAIL PROTECTED]'. > Mail administrative requests to `[EMAIL PROTECTED]'. > --- Send mail for the `bblisa' mailing list to `[EMAIL PROTECTED]'. Mail administrative requests to `[EMAIL PROTECTED]'.
