Security Incidents mailing list archives
Re: new ADMscript worm ?
From: Edvard Tuinder <secu () lunytune nl>
Date: Wed, 5 Nov 2003 10:21:50 +0100
According to G.Mansur:
[Tue Nov 4 01:49:11 2003] [error] [client xx.xx.xx.xx] File does not exist: /var/www/htdocs/ ADMscript.23 initialized 2 One of them is running: Apache/1.3.20 Sun Cobalt (Unix) Chili!Soft-ASP/3.6.2 mod_ssl/2.8.4 OpenSSL/0.9.6b PHP/4.0.6 mod_auth_pam_external/0.1 FrontPage/4.0.4.3 mod_perl/1.25 on Linux Anonther one is running: Apache/1.3.6 (Unix) Running: Linux 2.1.X|2.2.X OS details: Linux 2.1.19 - 2.2.25 We have seen allot of these across servers in Europe..
We haven't come across any of those ADMscript thingies. Is that particular client trying anything more, or does it just try to access this ADMscript? Once, or variations on the parameter? If the above quote from the error_log is exact, it seems a very sloppy attempt, considering the space. -Ed --------------------------------------------------------------------------- Network with over 10,000 of the brightest minds in information security at the largest, most highly-anticipated industry event of the year. Don't miss RSA Conference 2004! Choose from over 200 class sessions and see demos from more than 250 industry vendors. If your job touches security, you need to be here. Learn more or register at http://www.securityfocus.com/sponsor/RSA_incidents_031023 and use priority code SF4. ----------------------------------------------------------------------------
Current thread:
- new ADMscript worm ? G.Mansur (Nov 04)
- Re: new ADMscript worm ? Edvard Tuinder (Nov 05)