Massive CMD.EXE and ROOT.EXE scan

From: Tulchinskiy, Sasha (STulchinskiyat_private)
Date: Tue Sep 18 2001 - 06:54:59 PDT

    Hi All,
    
    My IDS indicates that at 9:30 AM EST a new wave of IIS vulnerability
    scanning started.
    They are looking for /c/winnt/system32/cmd.exe and root.exe, coming mostly
    from American IPs.
    
    Sasha Tulchinskiy
    Aspen Security Team
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    



    This archive was generated by hypermail 2b30 : Tue Sep 18 2001 - 09:55:49 PDT