[plug] Nimda worm variant ?
Jon Miller
jlmiller at mmtnetworks.com.au
Tue Feb 11 18:45:28 WST 2003
Did you find out anything? I'm having the same problem here.
Jon L. Miller, MCNE, CNS
Director/Sr Systems Consultant
MMT Networks Pty Ltd
http://www.mmtnetworks.com.au
"I don't know the key to success, but the key to failure
is trying to please everybody." -Bill Cosby
>>> kai.jones at broome.wa.gov.au 9:57:39 AM 11/02/2003 >>>
Hi everyone,
I'm seeing an increasing number of these requests on Apache:
ipd50a324a.speed.planet.nl - - [11/Feb/2003:07:17:10 +0800] "GET
/_vti_bin/owssvr.dll?UL=1&ACT=4&BUILD=2614&STRMVER=4&CAPREQ=0 HTTP/1.1"
404 333
ipd50a324a.speed.planet.nl - - [11/Feb/2003:07:17:12 +0800] "GET
/MSOffice/cltreq.asp?UL=1&ACT=4&BUILD=2614&STRMVER=4&CAPREQ=0 HTTP/1.1"
404 333
I've read this may be a variant of Nimda and maybe I'm not looking in
the right places but I can't find good documentation to confirm it.
Anyone have any ideas ?
Thanks
Kai
More information about the plug
mailing list