[plug] Nimda worm variant ?
Kai Jones
kai.jones at broome.wa.gov.au
Tue Feb 11 09:57:39 WST 2003
Hi everyone,
I'm seeing an increasing number of these requests on Apache:
ipd50a324a.speed.planet.nl - - [11/Feb/2003:07:17:10 +0800] "GET
/_vti_bin/owssvr.dll?UL=1&ACT=4&BUILD=2614&STRMVER=4&CAPREQ=0 HTTP/1.1"
404 333
ipd50a324a.speed.planet.nl - - [11/Feb/2003:07:17:12 +0800] "GET
/MSOffice/cltreq.asp?UL=1&ACT=4&BUILD=2614&STRMVER=4&CAPREQ=0 HTTP/1.1"
404 333
I've read this may be a variant of Nimda and maybe I'm not looking in
the right places but I can't find good documentation to confirm it.
Anyone have any ideas ?
Thanks
Kai
More information about the plug
mailing list