Norman Bunn wrote: > > One of my sites is being hammered with something trying to execute > Windows-type programs via the browser. Since I capture 404s, I am seeing > all this activity. Fortunately, this machine is running Linux, not Windows. > The attack is coming from multiple domains and is trying what appear to be > common directories for the Windows executables. Started this morning - active as hell: Looks like Code Red on steroids. :-( http://www.slashdot.org/ http://www.newsbytes.com/news/01/170225.html http://www.sarc.com/avcenter/venc/data/w32.nimda.a@mm.html http://www.nipc.gov/warnings/advisories/2001/01-021.htm http://securityresponse.symantec.com/avcenter/venc/data/w32.nimda.a@mm.html http://www.microsoft.com/technet/treeview/default.asp?url=/TechNet/security/bulletin/ms01-020.asp http://www.cert.org/current/current_activity.html#port80 http://hacktivism.openflows.org/article.pl?sid=01/08/13/1237245&mode=nocomment http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0109&L=ntbugtraq&F=P&S=&P=1747 http://vil.mcafee.com/newVirus.asp - Joe -- ................... Joe Crawford \\ Web Design & Development ..... mailto:jcrawford at avencom.com \\ http://www.avencom.com .... San Diego \\ CA \\ USA \\ AVENCOM: Set Your Sites Higher