[Dshield] Shell-Autoresponder for Apache

John Hardin johnh at aproposretail.com
Wed Nov 14 01:00:28 GMT 2001


On Tue, 2001-11-13 at 13:09, Jochen Erwied wrote:
> 
> It does basically nothing but exploit the security hole in IIS and gets it
> IP-address from an already infected host. If successful, a message is
> displayed via 'net send 127.0.0.1' and 'net send *'.

I can just see it: two apache servers running this script attempting to
notify each other that they're infected - back and forth and back and
forth and back and forth... :)

[humor, folks.]

-- 
John Hardin                                   <johnh at aproposretail.com>
Internal Systems Administrator                    voice: (425) 672-1304
Apropos Retail Management Systems, Inc.             fax: (425) 672-0192
-----------------------------------------------------------------------
 4 days until Leonid meteor shower




More information about the list mailing list