[42713] in North American Network Operators' Group
Nimda & Yahoo
daemon@ATHENA.MIT.EDU (Bill Larson)
Wed Sep 19 12:26:02 2001
Message-ID: <000b01c14127$abfd03a0$2223f8d8@compu.net>
From: "Bill Larson" <blarson@compu.net>
To: <nanog@nanog.org>
Date: Wed, 19 Sep 2001 11:25:13 -0500
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0008_01C140FD.BFBFB4C0"
Errors-To: owner-nanog-outgoing@merit.edu
This is a multi-part message in MIME format.
------=_NextPart_000_0008_01C140FD.BFBFB4C0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Well It looks as if the Yahoo Corporate network is infected.
hilla.corp.yahoo.com - [19/Sep/2001:11:22:10 -0500] "GET =
/scripts/root.exe?/c+dir HTTP/1.0" 404 280 "-" "-"
If anyone from Yahoo is reading this list you might want to start =
scanning systems.
---
Bill Larson
Network Administrator
Compu-Net Enterprises
------=_NextPart_000_0008_01C140FD.BFBFB4C0
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2600.0" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2>Well It looks as if the Yahoo Corporate =
network is=20
infected.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>hilla.corp.yahoo.com - =
[19/Sep/2001:11:22:10 -0500]=20
"GET /scripts/root.exe?/c+dir HTTP/1.0" 404 280 "-" "-"<BR></FONT></DIV>
<DIV><FONT face=3DArial size=3D2>If anyone from Yahoo is reading this =
list you might=20
want to start scanning systems.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2> </DIV></FONT>
<DIV><FONT face=3DArial size=3D2>---<BR>Bill Larson<BR>Network=20
Administrator<BR>Compu-Net Enterprises<BR></FONT></DIV></BODY></HTML>
------=_NextPart_000_0008_01C140FD.BFBFB4C0--
