[77283] in North American Network Operators' Group


Re: New Virus in the wild

daemon@ATHENA.MIT.EDU (Gadi Evron)
Mon Jan 17 12:35:52 2005

Date: Mon, 17 Jan 2005 19:44:37 +0200
From: Gadi Evron <ge@linuxbox.org>
To: Nils Ketelsen <nils.ketelsen@kuehne-nagel.com>
Cc: nanog@merit.edu
In-Reply-To: <20050117113912.A19486@torzimon>
Errors-To: owner-nanog-outgoing@merit.edu


Nils Ketelsen wrote:
> We see a lot of requests of the following format in our proxy logs:
> 
> 1105979310.010 240001 10.3.12.211 TCP_MISS/504 1458 GET http://84.120.14.236:25204/2005/1/17/11/23/32/ - NONE/- text/html
> 1105979314.020 240009 10.3.12.211 TCP_MISS/504 1458 GET http://67.171.84.104:25238/2005/1/17/11/23/41/ - NONE/- text/html
> 1105979316.077 240068 10.3.12.211 TCP_MISS/504 1460 GET http://213.188.227.50:25401/2005/1/17/11/23/43/ - NONE/- text/html

A very important question would be: do you see these URLs on 
ANY-HOST/permutation or SPECIFIC-HOSTS/permutation?

	Gadi.
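
An added example, not part of the original message: one way to get the data behind that question out of a Squid access.log is to tally the matching requests per destination host:port and per internal client. The URL pattern is an assumption inferred from the three quoted lines, the fourth sample line is constructed, and the names `summarize`, `LINE` and `PATTERN` are this example's own.

```python
import re
from collections import defaultdict

# Squid native log: time elapsed client result/status bytes method URL ...
LINE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<result>\w+)/(?P<status>\d{3})\s+(?P<size>\d+)\s+"
    r"(?P<method>\S+)\s+(?P<url>\S+)"
)
# Assumed pattern, inferred from the quoted lines: raw IPv4 destination,
# explicit port, and a path of exactly six numeric parts (Y/M/D/h/m/s).
PATTERN = re.compile(
    r"^http://(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)"
    r"/\d{4}(?:/\d{1,2}){5}/$"
)

# First three lines are from the quoted log; the last one is constructed
# to show that ordinary traffic is ignored.
SAMPLE = """\
1105979310.010 240001 10.3.12.211 TCP_MISS/504 1458 GET http://84.120.14.236:25204/2005/1/17/11/23/32/ - NONE/- text/html
1105979314.020 240009 10.3.12.211 TCP_MISS/504 1458 GET http://67.171.84.104:25238/2005/1/17/11/23/41/ - NONE/- text/html
1105979316.077 240068 10.3.12.211 TCP_MISS/504 1460 GET http://213.188.227.50:25401/2005/1/17/11/23/43/ - NONE/- text/html
1105979320.500 120 10.3.12.45 TCP_MISS/200 5120 GET http://www.example.com/index.html - DIRECT/192.0.2.10 text/html
"""

def summarize(lines):
    """Return (client -> destinations, destination -> clients) for matches."""
    by_client, by_dst = defaultdict(set), defaultdict(set)
    for line in lines:
        rec = LINE.match(line.strip())
        hit = rec and PATTERN.match(rec["url"])
        if not hit:
            continue  # unparsable line or URL of a different shape
        dst = f"{hit['dst']}:{hit['port']}"
        by_client[rec["client"]].add(dst)
        by_dst[dst].add(rec["client"])
    return dict(by_client), dict(by_dst)

if __name__ == "__main__":
    by_client, by_dst = summarize(SAMPLE.splitlines())
    for client, dsts in sorted(by_client.items()):
        print(f"{client}: {len(dsts)} distinct destinations")
    for dst, clients in sorted(by_dst.items()):
        print(f"{dst}: requested by {sorted(clients)}")
```

Many destinations each seen once point to the "any host" case; a small set of destinations repeated across the log points to the "specific hosts" case.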
