Yeah - it looks like it has similar infection vectors to Code Red. I'm getting hits from 61/8 which my adsl box is a member of. Microsoft need to have their ass kicked over this crap. Whats up with running an exe in windows media player without asking. Although truth be known I think it's possibly all the users to blame. Everyone wanting more functionality at the expense of security. Was only a matter of time till someone either wrote a worm or took a knife on a plane. On Wed, Sep 19, 2001 at 10:29:03AM +1200, robbie_gernandt(a)wilsonandhorton.co.nz wrote:
W32.Nimda.A(a)mm
GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../ ..%c1%1c../winnt/system32/cmd.exe?/c+dir GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
We're getting hit at about 72 hits per minute, mostly from 203.x.x.x
Robbie Gernandt Network Consultant Wilson & Horton Ltd
*************************************************************************** This may contain privileged and confidential information intended only for the use of the intended recipient. If you are not the intended recipient of this message, any use, dissemination, distribution or reproduction of this message is prohibited. Any views expressed in this message are those of the individual sender and may not necessarily reflect the views of Wilson & Horton Limited. For more information on Wilson & Horton please visit our web site at http://www.wilsonandhorton.co.nz ***************************************************************************
To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog