[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
weird b.cgi
I recently noticed in httpd-access.log these entries
200.140.XXX.XXX - - [03/Sep/2002:16:42:28 +0000] "GET
/b.cgi?money&333596165&7503274E2F69 HTTP/1.1" 404 277 "-" "Mozilla"
62.98.XXX.XXX - - [03/Sep/2002:17:19:47 +0000] "GET
/b.cgi?money&332156089&538030224B00 HTTP/1.1" 404 277 "-" "Mozilla"
I searched info about b.cgi on google and it sais it's a worm that tries to
connect to a few listed sites, get some encrypted commands and execute them
on the virused host.
But why would he connect to my site ? (I even noticed such entries on my home
dial-up system). I suspect it's some worm/scanner (like codered 'n stuff) but
what vulnerability could someone find in b.cgi ?
Does anybody know something about this ?
BTW. I traced the IP to brazil... home of the script kidie groups... could it
be some of their ./haxor-script -scan_the_internet stuff ?
--
-------------------
Proud member of PentaGuard
"Making the net a safer place since 1998"
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com