On Mon, 6 Aug 2001 17:06:19 -0400, "Tim" <webmaster@crazy-horse.net> wrote:

>While going through my logs I happened to notice an AOL address and decided
>...
>Nothing unusual there....
>Check out the 404 while I was testing for the Trojan aspect of the newer
>variant:
>----------
>HTTP Error 404
>404 Not found ("/c/winnt/system32/cmd.exe?/c+dir")

I'm 95% sure it has nothing to do with Star Office.

It appears to be an ordinary HTTP request looking for a MS IIS server that is set up with a virtual directory rooted at the root of the C: drive and named c. It then tries to execute a dir command to list out the contents of System32.

I just tried it with the Peer Web server on my NT workstation. I created a virtual directory with the same name as the drive letter of my system partition (which isn't C:, though that's just circumstance). I then fired up IE and asked for:

    thishostname.mydomain.com/e/winnt/system32/cmd.exe?/c+dir

(with the real names) and got a very pretty listing of the contents of my System32 directory.

The Star Office HTTP server reported it simply because that was apparently the one that was listening on port 80 at the time.

Needless to say, that virtual directory isn't there any more! (Though I firewall off all SYN packets sent to it anyway.)

HTH,

Ray Simard
ray.simard@sylvan-glade.com
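
The request discussed in this message can be picked out of a web server access log, and its status code separates a rejected probe (404, as in the quoted log) from one the server answered (200, as in the Peer Web test). The following is an added example, not part of the original post; it assumes Common Log Format, the sample lines and addresses are constructed, and it goes slightly beyond the post by also normalizing case and percent-encoded spellings of the same path.

```python
import re
from urllib.parse import unquote

# Request and status fields of a Common Log Format line (assumed log format).
REQUEST_RE = re.compile(
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: HTTP/[\d.]+)?" (?P<status>\d{3})')
# Decoded path whose final component is cmd.exe, in any letter case.
SHELL_RE = re.compile(r'(^|[/\\])cmd\.exe$', re.IGNORECASE)

# Constructed sample lines (documentation-range addresses), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [06/Aug/2001:17:01:02 -0400] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 284',
    '192.0.2.11 - - [06/Aug/2001:17:02:10 -0400] "GET /e/WINNT/System32/CMD.EXE?/c+dir HTTP/1.0" 200 5120',
    '192.0.2.12 - - [06/Aug/2001:17:03:44 -0400] "GET /c/winnt/system32/cmd%2eexe?/c+dir HTTP/1.0" 404 284',
    '192.0.2.13 - - [06/Aug/2001:17:04:00 -0400] "GET /docs/cmd.exe.html HTTP/1.0" 200 900',
]

def decode_fully(text, rounds=3):
    """Percent-decode repeatedly so double-encoded spellings are normalized."""
    for _ in range(rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text

def classify(line):
    """Return a finding dict if the line requests cmd.exe, otherwise None."""
    match = REQUEST_RE.search(line)
    if not match:
        return None
    path, _, query = match.group("target").partition("?")
    path = decode_fully(path)
    if not SHELL_RE.search(path):
        return None
    status = int(match.group("status"))
    return {
        "client": line.split(" ", 1)[0],
        "path": path,
        "command": decode_fully(query.replace("+", " ")),
        "status": status,
        # 200 means the server answered the request instead of rejecting it.
        "executed": status == 200,
    }

def scan(lines):
    """Collect findings for every matching line, in log order."""
    return [f for f in map(classify, lines) if f is not None]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Any finding with `executed` set to true points at a server that still maps a virtual directory onto the system drive and should be reviewed first.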
This archive was generated by hypermail 2b30 : Mon Aug 06 2001 - 19:32:09 PDT