> > A little more info to add about the IIS part of the attack... > > The following files were created in C:\ > > 05/07/01 05:41a 289 default.asp > 05/07/01 05:41a 289 default.htm > 05/07/01 05:41a 289 index.asp > 05/07/01 05:41a 289 index.htm > > The same files were created in C:\InetPub and every subdirectory under > C:\InetPub. > > A question... How did they automate the creation of these files in every > \InetPub subdirectory? I can't think of a simple command line to do that. > Take a look at these pages: http://www.zdnet.com/intweek/stories/news/0,4164,5082732,00.html http://attrition.org/security/commentary/worm01.html
This archive was generated by hypermail 2b30 : Mon May 14 2001 - 15:39:21 PDT