Fwd: Massive CMD.EXE and ROOT.EXE scan

From: Florian Piekert (floppy@floppy.org)
Date: 09/18/01


From: "Florian Piekert" <floppy@floppy.org>
To: "incidents@securityfocus.com" <incidents@securityfocus.com>
Date: Tue, 18 Sep 2001 19:44:33 +0200
Subject: Fwd: Massive CMD.EXE and ROOT.EXE scan
Message-Id: <20010918174434.494E01B2078@platinum.floppy.org>


-----BEGIN PGP SIGNED MESSAGE-----

Most of the used IPs seem to be spoofed though 8(

- -------
Hi All,

My IDS indicates that at 9:30 AM EST a new wave of IIS vulnerability
scanning had started.
They are looking for /c/winnt/system32/cmd.exe and root.exe, coming mostly
from American IPs.

Sasha Tulchinskiy
Aspen Security Team

- ----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com

===================END FORWARDED MESSAGE===================

Florian Piekert floppy@floppy.{de,org,net}

<simply private... need a key? MY PGPP key? eMail me....>

Voice & Fax +1001000010100101011000110110001010110101100

PGP Public Key Fingerprint: 72E9 D42A 51E8 29CA EE42 6029 5EF6 E9AB

-----BEGIN PGP SIGNATURE-----
Version: PGPsdk version 1.7.1 (C) 1997-1999 Network Associates, Inc. and its affiliated companies.

iQCVAwUBO6d58n4TBaVbilM9AQEx5AQAoFxoSGGGF5z11HhAPjq/0GZNH6pyoUvs
W9kXW3eTjnjByQKLyANvpxB0q5mPnJRL2g2bLNz6T127+tSuaEmTXb5kBm+eUxU7
xRX/ANuf6XRNRR2ltBPry+h7Ok7FHWUQd5k56yWEk40ZXRzTra8ZPuAadE8DCttZ
kH+0lPanm4I=
=lh7B
-----END PGP SIGNATURE-----

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com