Re: what is default.ida
by "Jason K. Chapman" <theguild(at)interserv.com>
|
| Date: |
Sun, 05 Aug 2001 09:11:54 -0400 |
| To: |
hwg-techniques(at)hwg.org |
| In-Reply-To: |
lodz |
| |
todo: View
Thread,
Original
|
|
At 01:37 PM 8/5/2001 +0000, you wrote:
>Hi,
>
>I found in my Apache server logs that starting from August 4
>my server was asked for "default.ida" file.
>Request was done several times from different locations.
>
>What is that file for ?
>What is the content of that file ?
It's the default Indexing Server ISAPI filter on Microsoft's IIS Web
server. If the rest of the request consisted of a long string of seemingly
unintelligible characters, the entries are most likely from Code Red
infected servers attempting to pass the worm on (the worm spreads by
exploiting a buffer overflow fault.)
If you had been running an unpatched installation of IIS 4 or 5, you'd
already be infected.
Jason K. Chapman
--
THE HERETIC, a cyber thriller by Jason K. Chapman.
Online edition at <http://www.happyhacker.org/heretic/>. Softcover,
ISBN 1-929925-38-7. Latest news at <http://www.jasonkchapman.com>
HWG hwg-techniques mailing list archives,
maintained by Webmasters @ IWA