RE: New Attack / New Vulnerability?

From: Quarantine (Quarantine@GSCCCA.ORG)
Date: 02/27/02

From: Quarantine <Quarantine@GSCCCA.ORG>
To: "'Sterling Moses'" <>,
Date: Wed, 27 Feb 2002 14:40:11 -0500

A Google search points to Nimda traffic, and TruSecure actually reported
this specific DLL in their alert from September 19,
shtml). The DLL is for Microsoft SharePoint Team Server

-----Original Message-----
From: Sterling Moses []
Sent: Wednesday, February 27, 2002 12:11 PM
Subject: New Attack / New Vulnerability?

Is there a new vulnerability out?

We monitor hundreds of financial IIS servers and have noticed many requests
for the following:

GET /_vti_bin/owssvr.dll 404

These requests originate from multiple IP addresses, and hit different
machines on
different networks.

Based on the traffic and number of entries I can guess these are not
targeted attacks, but seem to be opportunistic
in nature.

Any information would be helpful.


This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: