[mdk-re] Вирус!!

[Anton Farygin]

Maxim Ivanov wrote:

> Hello mandrake-russian,
> 
> Сегодня с утра в логах Апача нашел следующее:
> 
> 
> [Wed Sep 19 01:37:42 2001] [error] [client 172.16.10.217] File does not exist: /var/www/html/scripts/..Б../winnt/system32/cmd.exe
> [Wed Sep 19 01:37:42 2001] [error] [client 172.16.10.217] File does not exist: /var/www/html/scripts/..А╞../winnt/system32/cmd.exe
> [Wed Sep 19 01:37:42 2001] [error] [client 172.16.10.217] File does not exist: /var/www/html/scripts/..Б°../winnt/system32/cmd.exe
> [Wed Sep 19 01:37:42 2001] [error] [client 172.16.10.217] File does not exist: /var/www/html/scripts/..%5C../winnt/system32/cmd.exe
> [Wed Sep 19 01:37:42 2001] [error] [client 172.16.10.217] File does not exist: /var/www/html/scripts/..%2F../winnt/system32/cmd.exe
> [Wed Sep 19 01:40:05 2001] [error] [client 172.16.10.175] File does not exist: /var/www/html/scripts/root.exe
> [Wed Sep 19 01:40:05 2001] [error] [client 172.16.10.175] File does not exist: /var/www/html/MSADC/root.exe
> [Wed Sep 19 01:40:05 2001] [error] [client 172.16.10.175] File does not exist: /var/www/html/c/winnt/system32/cmd.exe
> [Wed Sep 19 01:40:05 2001] [error] [client 172.16.10.175] File does not exist: /var/www/html/d/winnt/system32/cmd.exe
> [Wed Sep 19 01:40:05 2001] [error] [client 172.16.10.175] File does not exist: /var/www/html/scripts/..%5C../winnt/system32/cmd.exe
> 
> 
> Это что ж такое творится ??
> У меня в Линуксе завелся winnt32 ?!!

Нет, но на 172.16.10.175 - точно завелся. ;-)

Самый простой способ - послать письмо админу и прописать этот хост в 
ipchains что бы не доставал.

Rgds
Rider


-- 

+------------------------------------------------------------+
! ALT Linux Team http://www.altlinux.ru	<rider на altlinux.ru>  !
! tel/fax +7 095 2039698				     !
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++!
! LRN Team	http://www.lrn.ru	<rider на linux.ru.net> !
+------------------------------------------------------------+