Re: New Virus in the wild

North American Network Operators Group

Re: New Virus in the wild

From: Gadi Evron
Date: Mon Jan 17 12:36:36 2005

Nils Ketelsen wrote:

We see a lot of requests of the following format in our proxy logs:

1105979310.010 240001 10.3.12.211 TCP_MISS/504
1458 GET http://84.120.14.236:25204/2005/1/17/11/23/32/ - NONE/- text/html
1105979314.020 240009 10.3.12.211 TCP_MISS/504
1458 GET http://67.171.84.104:25238/2005/1/17/11/23/41/ - NONE/- text/html
1105979316.077 240068 10.3.12.211 TCP_MISS/504
1460 GET http://213.188.227.50:25401/2005/1/17/11/23/43/ - NONE/- text/html

A very important question would be: do you see these URL's on ANY-HOST/permutation or SPECIFIC-HOSTS/permutation?

Gadi.

Follow-Ups:
- Re: New Virus in the wild Nils Ketelsen

References:
- New Virus in the wild Nils Ketelsen

Prev by Date: Re: The entire mechanism is Wrong!
Next by Date: Re: fwd: Re: [registrars] Re: panix.com hijacked
Date Index
Thread Index
Author Index
Historical