It's a Code Red or Nimba attack, probably from an infected IIS server. On Thu, Dec 13, 2001 at 01:04:51PM -0500, Evgeniy Strokin wrote: > Hi, > tonight, somebody had tried hack our Tomcat 3.2.3 in win2000. > Here is the log: > > 2001-12-13 01:18:35 - Ctx( ): 404 R( + /scripts/root.exe + null) null > 2001-12-13 01:18:36 - Ctx( ): 404 R( + /MSADC/root.exe + null) null > 2001-12-13 01:18:42 - Ctx( ): 404 R( + /c/winnt/system32/cmd.exe + null) > null > 2001-12-13 01:18:46 - Ctx( ): 404 R( + /d/winnt/system32/cmd.exe + null)
[snip] > > Is it something serious or they had tried run NIMDA virus files or something > like that? > What do you think? > > Best regards, > Jenya Strokin -- To unsubscribe: <mailto:[EMAIL PROTECTED]> For additional commands: <mailto:[EMAIL PROTECTED]> Troubles with the list: <mailto:[EMAIL PROTECTED]>
