Security Incidents mailing list archives
Re: ZOMBIES_HTTP_GET
From: Patrick Oonk <patrick () pine nl>
Date: Mon, 24 Jun 2002 09:42:22 +0200
On Sun, Jun 23, 2002 at 12:45:16PM -0400, Kee Hinckley wrote:
> Does anyone know what this is about?
>
> 80.14.144.19 - - [17/Jun/2002:17:40:42 -0400] "GET /instructions.txt HTTP/1.1" 302 332 "-" "ZOMBIES_HTTP_GET"
> 80.14.144.19 - - [17/Jun/2002:17:41:16 -0400] "GET /instructions.txt HTTP/1.1" 302 332 "-" "ZOMBIES_HTTP_GET"
> 67.218.5.187 - - [17/Jun/2002:18:04:11 -0400] "GET /infector.exe HTTP/1.1" 302 332 "-" "ZOMBIES_HTTP_GET"
> 67.218.5.187 - - [17/Jun/2002:18:04:32 -0400] "GET /infector.exe HTTP/1.1" 302 332 "-" "ZOMBIES_HTTP_GET"
> 80.14.144.19 - - [17/Jun/2002:18:23:38 -0400] "GET /instructions.txt HTTP/1.1" 302 332 "-" "ZOMBIES_HTTP_GET"
> 80.14.144.19 - - [17/Jun/2002:18:24:54 -0400] "GET /instructions.txt HTTP/1.1" 302 332 "-" "ZOMBIES_HTTP_GET"
> 195.131.106.186 - - [17/Jun/2002:18:25:12 -0400] "GET /instructions.txt HTTP/1.1" 302 332 "-" "ZOMBIES_HTTP_GET"
> 195.131.106.186 - - [17/Jun/2002:18:28:42 -0400] "GET /instructions.txt HTTP/1.1" 302 332 "-" "ZOMBIES_HTTP_GET"

As the above ip-addresses are all dialup or cable, it looks like yet
another trojan.

-- 
patrick oonk - pine internet - patrick () pine nl - www.pine.nl/~patrick
T:+31-70-3111010 - F:+31-70-3111011 - Read news at http://security.nl
PGPid A4E74BBF fp A7CF 7611 E8C4 7B79 CA36 0BFD 2CB4 7283 A4E7 4BBF
Note: my NEW PGP key is available at http://www.pine.nl/~patrick/
Excuse of the day: root rot
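
Added example, not part of the original thread: one way to triage access-log entries like the ones quoted above is to group hits by User-Agent and list the distinct client addresses and requested paths for each. The "no `name/version` product token" test and the `min_ips` threshold are heuristics assumed for this example; the two browser lines in the sample are constructed for contrast.

```python
import re
from collections import defaultdict

# Apache combined log format:
# host ident user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)
# Assumed heuristic: browsers of the period start with a name/version token.
PRODUCT_TOKEN = re.compile(r'^[^\s/]+/\S+')

# First three lines are from the post above; the last two are constructed.
SAMPLE = """\
80.14.144.19 - - [17/Jun/2002:17:40:42 -0400] "GET /instructions.txt HTTP/1.1" 302 332 "-" "ZOMBIES_HTTP_GET"
67.218.5.187 - - [17/Jun/2002:18:04:11 -0400] "GET /infector.exe HTTP/1.1" 302 332 "-" "ZOMBIES_HTTP_GET"
195.131.106.186 - - [17/Jun/2002:18:25:12 -0400] "GET /instructions.txt HTTP/1.1" 302 332 "-" "ZOMBIES_HTTP_GET"
192.0.2.10 - - [17/Jun/2002:18:30:00 -0400] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
198.51.100.7 - - [17/Jun/2002:18:31:00 -0400] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
"""


def summarize_agents(lines):
    """Group hits by User-Agent: distinct client IPs, paths and hit count."""
    agents = defaultdict(lambda: {"ips": set(), "paths": set(), "hits": 0})
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m is None:
            continue  # not a combined-format line; skip rather than guess
        entry = agents[m["agent"]]
        entry["ips"].add(m["ip"])
        entry["paths"].add(m["path"])
        entry["hits"] += 1
    return dict(agents)


def suspicious_agents(lines, min_ips=2):
    """Agents without a name/version token that arrive from several addresses."""
    return {
        agent: info
        for agent, info in summarize_agents(lines).items()
        if not PRODUCT_TOKEN.match(agent) and len(info["ips"]) >= min_ips
    }


if __name__ == "__main__":
    for agent, info in suspicious_agents(SAMPLE.splitlines()).items():
        print(agent, info["hits"], sorted(info["ips"]), sorted(info["paths"]))
```
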