[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Exploit Identification Request

To: System Administrator <root@xxxxxxxxxxxxxxxxxxx>
Subject: Re: [Full-Disclosure] Exploit Identification Request
From: Thorolf <thorolf@xxxxxxxxxxxxxxxxx>
Date: Thu, 29 Apr 2004 16:52:58 +0200 (CEST)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Hi,

I have few alerts in 24h,


[5]-root@thor:ttyp3[log] #grep "194.xx.xx.xx" httpd-access.log
194.xx.xx.xx - - [26/Apr/2004:12:22:36 +0000] "SEARCH
/\x90\x02\xb1\x02\xb1\x0
2\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x0
...

It looks like some mutation of worm/virus it use this bug,

http://www.microsoft.com/technet/security/bulletin/ms03-007.mspx

Look at this ...
http://seclists.org/lists/incidents/2004/Mar/0107.html


Regards,
Rafal Lesniak

- --
- - Administrator
- - Run for your lives, death has arrived
- - Try save your soul, run from the sound of rowing oars
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)

iQCVAwUBQJEWz+2ijGMJcqkLAQJi4gP+IGTPHBUYU83GIF/uv8nQ1zsLqkxPDeoy
m/SY9oFA1lamAHEHqh4i0F58LWJ40qPCF/RA/Nb+IHygReSSN/EQNnH8Cbzb4A4B
RvIMLuPsqipwSYpzzxILMxhp/Nl8ExlgWQdwS81jL9GKcWkVL7pVQ7w69Zyj6G+D
cL/kdP6VgT0=
=kcOt
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- [Full-Disclosure] Exploit Identification Request
  - From: System Administrator

Prev by Date: Re: [Full-Disclosure] Exploit Identification Request
Next by Date: Re: [Full-Disclosure] Heads up: Possible lsass worm in the wild
Previous by thread: Re: [Full-Disclosure] Exploit Identification Request
Next by thread: Re: [Full-Disclosure] Exploit Identification Request
Index(es):
- Date
- Thread