[svlug] Any idea what kind of virus/worm is this?

Gary Lin glin at employees.org
Fri Mar 26 17:35:52 PST 2004

Previous message: [svlug] Change: Books for LUG of Iraq get together
Next message: [svlug] Any idea what kind of virus/worm is this?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi all,

Today, I am starting seeing a host consistently making HTTP requests to my 
Linux web server (about 1 request every 2 minutes).  The request 
header looks something like:

SEARCH /?....(about 64K of large binary code)... HTTP/1.1
Host: <My ip address>
Content-Type: text/xml
Content-Length: 1399

Any idea what type of virus/worm this is?  The larget request line looks like 
some sort of buffer overflow attack.  I hope this is not something I need
to worry about for apache (since the hack pattern looks like is intend for
 victims with IIS servers).  Thought if anyone has similar experience?

-- Gary

Previous message: [svlug] Change: Books for LUG of Iraq get together
Next message: [svlug] Any idea what kind of virus/worm is this?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the svlug mailing list