On Fri, Jul 20, 2001 at 12:15:46PM -0600, Don Papp spake thusly: > I wonder if I have seen this variant - a person I emailed has a > server whose web pages served looks a lot like the Code Red worm's output > (1 line of simple html) displaying > > FUCK CHINA GOVERNENT > and p0isonb0x (or something like that) > > On a black background. The web files themselves are untouched. I think this was something else - maybe a similar worm, but it used a different attack: "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+copy+c:\winnt\system32\cmd.exe+c:\inetpub\scripts\ shell.exe" 404 - The machine that sent that to me had that same web page up, and I also got one from a different IP (on the same subnet) a few hours before that. That was a week ago though - July 13... -- Jon-o Addleman
This archive was generated by hypermail 2b30 : Fri Jul 20 2001 - 14:59:50 PDT