> Hello,
> I and a few others I know are getting bombarded on our machines with IIS
> requests....looks like another worm, and it's much smarter than before, it
> seems to stay within the same class A and sometimes the same
> class B as the
> attacking machine is in. Here is an excerpt of what I believe is the full
> scan....

Be careful! Don't surf on the infected server; it seems to have a virus (readme.eml) loaded on the index page (IE+mediaplayer bug). The virus is readme.exe, but it doesn't seem to be troj_apost.a. The readme.eml is in the scripts directory or another virtual directory.

------------------------------------------------------------------
Olivier DEMBOUR                        AXIPE
Audit Manager                          Parc de Garlande
Tel : +33 (0) 1 55 58 17 41            1, rue de l'égalité
GSM : +33 (0) 6 62 37 90 33            92220 BAGNEUX
Email : olivier.dembourat_private
Fax : +33 (0) 1 55 58 17 57
Fingerprint : 38B7 E954 BD45 C227 32B0 DD87 B5D7 6724 C919 803F
------------------------------------------------------------------

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
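
A defender-side check for the indicators named in the message above (a file called readme.eml or readme.exe in a web directory, and a page that loads readme.eml), as an added example that is not part of the original post. The function names, the list of page extensions and the sample tree are assumptions constructed for illustration.

```python
import os
import tempfile

# File names come from the message above; the extension list is an assumption.
DROPPED_NAMES = {"readme.eml", "readme.exe"}
PAGE_EXTS = {".htm", ".html", ".asp"}
MARKER = b"readme.eml"

def scan_webroot(root):
    """Return sorted (kind, relative_path) findings under a web content root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            lower = name.lower()
            if lower in DROPPED_NAMES:
                findings.append(("dropped-file", rel))
                continue
            if os.path.splitext(lower)[1] in PAGE_EXTS:
                try:
                    with open(full, "rb") as fh:
                        data = fh.read()
                except OSError:
                    findings.append(("unreadable", rel))
                    continue
                # Compare raw bytes, case-insensitively.
                if MARKER in data.lower():
                    findings.append(("page-references-eml", rel))
    return sorted(findings)

def build_sample_tree(root):
    """Constructed sample content: harmless placeholder bytes only."""
    files = {
        "index.html": b"<html><body>home</body></html><!-- ReadMe.EML -->",
        "about.html": b"<html><body>about</body></html>",
        "scripts/README.EML": b"placeholder",
        "docs/readme.txt": b"plain text",
    }
    for rel, content in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(content)

def demo():
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return scan_webroot(root)
```

Run `scan_webroot` against an offline copy or the local content directories of a server, not by browsing to the site, and compare any flagged page with a known-good copy.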
This archive was generated by hypermail 2b30 : Tue Sep 18 2001 - 11:27:17 PDT