[svlug] scripts/root.exe, etc

S step1b at cyberspace.org
Thu Nov 29 02:22:01 PST 2001


Hi,
My apache logs has lots of the following stuff:
203.64.47.241 - - [19/Nov/2001:04:01:19 +0530] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 276 "-" "-"
203.64.47.241 - - [19/Nov/2001:04:01:20 +0530] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 274 "-" "-"
203.64.47.241 - - [19/Nov/2001:04:01:22 +0530] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 284 "-" "-"
203.64.47.241 - - [19/Nov/2001:04:01:26 +0530] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 284 "-" "-"
203.64.47.241 - - [19/Nov/2001:04:01:31 +0530] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 298 "-" "-
"

from google, i found out this is some code red virus.
Should I worry about this ?
Can I do something to stop this ?
I am on RH71.

thanks
S.




More information about the svlug mailing list