Security Incidents mailing list archives

Massive CMD.EXE and ROOT.EXE scan

From: "Tulchinskiy, Sasha" <STulchinskiy () aspensys com>
Date: Tue, 18 Sep 2001 09:54:59 -0400

Hi All,

My IDS indicates that at 9:30 AM EST a new wave of IIS vulnerability
scanning had started.
They are looking for /c/winnt/system32/cmd.exe and root.exe, coming mostly
from American IPs.

Sasha Tulchinskiy
Aspen Security Team

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Current thread:

Massive CMD.EXE and ROOT.EXE scan Tulchinskiy, Sasha (Sep 18)
- <Possible follow-ups>
- Fwd: Massive CMD.EXE and ROOT.EXE scan Florian Piekert (Sep 18)
  - Re: Fwd: Massive CMD.EXE and ROOT.EXE scan John Q. Public (Sep 18)