It looks more like a hack attack
It is not a worm, but just someone trying to use the unicode hack!
At my work we have been hacked by people using this hack.
I have no links for you and can't look them up, thanks to my ISP.
I can only view a very few pages, so search for "unicode hack IIS"
or something and most probably you'll get the info you want.
----- Original Message -----
From: "Darrell May" <[EMAIL PROTECTED]>
To: "Dan York" <[EMAIL PROTECTED]>; "Darrell May" <[EMAIL PROTECTED]>
Cc: "E-smith developers list" <[EMAIL PROTECTED]>
Sent: Tuesday, September 18, 2001 7:57 PM
Subject: Re: [e-smith-devinfo] FYI - new worm appears to be hitting
Microsoft IIS servers
>
> Dan York <[EMAIL PROTECTED]> said:
>
> > Actually, you may have even more. Someone just pointed out to me that
> > I should also search for 'root.exe':
>
> Arghhhhhh. Ok, updated for root.exe as well
>
> CodeRed = 0
> CodeRed II = 248
> cmd.exe = 3179
> root.exe = 477
>
> http://myezserver.com/downloads/mitel/apache-hits.zip
>
> --
> Darrell May
> DMC NETSOURCED.COM
> http://netsourced.com
>
>
>
> --
> Please report bugs to [EMAIL PROTECTED]
> Please mail [EMAIL PROTECTED] (only) to discuss security issues
> Support for registered customers and partners to [EMAIL PROTECTED]
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> Archives by mail and
http://www.mail-archive.com/devinfo%40lists.e-smith.org
>
>
--
Please report bugs to [EMAIL PROTECTED]
Please mail [EMAIL PROTECTED] (only) to discuss security issues
Support for registered customers and partners to [EMAIL PROTECTED]
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org
