New Virus in the wild
Gadi Evron
ge at linuxbox.org
Mon Jan 17 17:44:37 UTC 2005
Nils Ketelsen wrote:
> We see a lot of requests of the following format in our proxy logs:
>
> 1105979310.010 240001 10.3.12.211 TCP_MISS/504
> 1458 GET http://84.120.14.236:25204/2005/1/17/11/23/32/ - NONE/- text/html
> 1105979314.020 240009 10.3.12.211 TCP_MISS/504
> 1458 GET http://67.171.84.104:25238/2005/1/17/11/23/41/ - NONE/- text/html
> 1105979316.077 240068 10.3.12.211 TCP_MISS/504
> 1460 GET http://213.188.227.50:25401/2005/1/17/11/23/43/ - NONE/- text/html
A very important question would be: do you see these URL's on
ANY-HOST/permutation or SPECIFIC-HOSTS/permutation?
Gadi.
More information about the NANOG
mailing list