[Dshield] Strange Worm !
scott at advancedtool.com
Wed Aug 8 14:07:00 GMT 2001
Ok, I don't mean for this to be a flame, but a real live observation.
Anyone participating in this list in the last say 24-72 hours should
be intimately familiar with the signature of the Code Red II worm.
Am I totally off base here?
On 8 Aug 2001, at 6:50, johnr wrote:
> hi everyone,
> i'm running websnarf, a fake webserver to get the ip's of the worm-
> infected systems .. strange but the last one was just trying to attack
> me 4 times (!) now ... here's my log :
> $ websnarf v1.04 listening on port 80 (timeout=1 secs)
> 220.127.116.11 - - [08/Aug/2001:04:45:29 -0000] "GET
> XX XXXXXXXXXXXXXXXXXXXXXXXXXXXX
> XX XXXXXXXXXXXXXXXXXX%u9090%u68
> 90 90%u8190%u00c3%u0003%u8b00%u 531b%u53ff%u0078%u0000%u00=a