[32499] in bugtraq
Re: Router Worm?
daemon@ATHENA.MIT.EDU (Jay Jacobson)
Wed Nov 19 19:01:46 2003
Date: Wed, 19 Nov 2003 15:49:26 -0700 (MST)
From: Jay Jacobson <jay@edgeos.com>
To: Chris Strom <cstrom@cos.com>
Cc: bugtraq@securityfocus.com
In-Reply-To: <20031119145409.17782.qmail@sf-www3-symnsj.securityfocus.com>
Message-ID: <Pine.LNX.4.58.0311191546170.24462@fw.kinetic.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
On Wed, 19 Nov 2003, Chris Strom wrote:
>
>
> I've received a strange HTTP request on my web site from two different sources. The request is logged as:
>
> SEARCH /\x90\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02
[snip]
> The request continues for a total of 32732 characters long (not shown).
[snip]
Hi Chris. This is an IIS WebDAV exploit. For more information, check out:
http://edgeos.com/threats/details.php?id=11413
http://www.fatelabs.com/library/fatelabs-ntdll-analysis.pdf
~Jay
..
.. Jay Jacobson
.. Edgeos, Inc. - 480.961.5996 - http://www.edgeos.com
..
.. Managed Vulnerability Assessment
.. Services for Information Security Professionals
..
