Actually, if you read my blog analysis of the zombies:
http://www.codersrevolution.com/index.cfm/2008/8/10/My-analysis-of-the-SQL-injection-zombies

7% of the IPs returned a cookie I set. 75% of IPs that sent more than 2 hits returned my cookie. (Hits came in groups of two.)

I'm fairly convinced this bot used the Internet Explorer on the victim's machine to send out the requests. I can't prove it, but it probably would have been easier for them to code that way.

~Brad

----- Original Message -----
From: "Andrew Scott" <[EMAIL PROTECTED]>
To: "CF-Talk" <cf-talk@houseoffusion.com>
Sent: Monday, August 11, 2008 3:37 AM
Subject: RE: SQL injection attack on House of Fusion

> Hmmm...
>
> Of course it is possible to use cookies.... They chose not to... Why...
> Because they have no real need to be attached to a session....
>
> Think about it for a minute or two...