[Dshield] New IIS directory traversal worm, or just a tool sig?
RoyR at justicetrax.com
Mon Nov 4 22:49:53 GMT 2002
I check all of mine for anything similar in the last week , sorry nothing similar other than the usual code red and nimbda hits
From: James C Slora Jr [mailto:Jim.Slora at phra.com]
Sent: Monday, November 04, 2002 11:50 AM
To: list at dshield.org
Subject: [Dshield] New IIS directory traversal worm, or just a tool sig?
Since Friday, I have seen this from nine different addresses. IIS directory
traversal attack is on the local system - not an HTTP CONNECT. The hostname
is being specified as "ww.tk.gov" (not a real public host), but this is just
window dressing on the attack.
Anyone else seen this?
Dshield mailing list
Dshield at dshield.org
To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list
More information about the list