[svlug] Any idea what kind of virus/worm is this?
glin at employees.org
Fri Mar 26 17:35:52 PST 2004
Today, I am starting seeing a host consistently making HTTP requests to my
Linux web server (about 1 request every 2 minutes). The request
header looks something like:
SEARCH /?....(about 64K of large binary code)... HTTP/1.1
Host: <My ip address>
Any idea what type of virus/worm this is? The larget request line looks like
some sort of buffer overflow attack. I hope this is not something I need
to worry about for apache (since the hack pattern looks like is intend for
victims with IIS servers). Thought if anyone has similar experience?
More information about the svlug