Security Incidents mailing list archives

Fwd: Massive CMD.EXE and ROOT.EXE scan

From: "Florian Piekert" <floppy () floppy org>
Date: Tue, 18 Sep 2001 19:44:33 +0200

-----BEGIN PGP SIGNED MESSAGE-----

Most of the used IPs seem to be spoofed though 8(


- -------
Hi All,

My IDS indicates that at 9:30 AM EST a new wave of IIS vulnerability
scanning had started.
They are looking for /c/winnt/system32/cmd.exe and root.exe, coming mostly
from American IPs.

Sasha Tulchinskiy
Aspen Security Team

- ----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com



===================END FORWARDED MESSAGE===================



Florian Piekert                floppy@floppy.{de,org,net}

<simply private... need a key? MY PGPP key? eMail me....>

Voice & Fax +1001000010100101011000110110001010110101100

PGP Public Key Fingerprint: 72E9 D42A 51E8 29CA  EE42 6029 5EF6 E9AB

-----BEGIN PGP SIGNATURE-----
Version: PGPsdk version 1.7.1 (C) 1997-1999 Network Associates, Inc. and its affiliated companies.

iQCVAwUBO6d58n4TBaVbilM9AQEx5AQAoFxoSGGGF5z11HhAPjq/0GZNH6pyoUvs
W9kXW3eTjnjByQKLyANvpxB0q5mPnJRL2g2bLNz6T127+tSuaEmTXb5kBm+eUxU7
xRX/ANuf6XRNRR2ltBPry+h7Ok7FHWUQd5k56yWEk40ZXRzTra8ZPuAadE8DCttZ
kH+0lPanm4I=
=lh7B
-----END PGP SIGNATURE-----



----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Current thread:

Massive CMD.EXE and ROOT.EXE scan Tulchinskiy, Sasha (Sep 18)
- <Possible follow-ups>
- Fwd: Massive CMD.EXE and ROOT.EXE scan Florian Piekert (Sep 18)
  - Re: Fwd: Massive CMD.EXE and ROOT.EXE scan John Q. Public (Sep 18)