[CLUG-chat] What is "default.ida"

Gary Marshall gary at evalunet.co.za
Mon Jun 9 14:03:31 SAST 2003


Hi

http://www.google.com/search?sourceid=mozclient&ie=utf-8&oe=utf-8&q=default.ida

gives as the first two results

Apache Week. Code Red requests for /default.ida
... First published: 17th August 2001. Code Red requests for /default.ida.
We receive a large number of messages from system administrators ...
www.apacheweek.com/features/codered - 14k - Cached - Similar pages
default.ida - short info
Code Red, the "default.ida" based worm. ... This worm doesn't have any link
with IDA
Pro itself, it uses an vulnerability called "default.ida" in Microsoft IIS .
...
www.datarescue.com/fprot/virinfo/defaultida.htm - 10k - Cached - Similar
pages

Which would make it seem to be some silly person who still has the Code Red
worm running on their machine.

G

----- Original Message ----- 
From: "Mike Morris" <mike.morris at cocosoft.co.za>
To: <clug-chat at clug.org.za>
Sent: Monday, June 09, 2003 11:22 AM
Subject: [CLUG-chat] What is "default.ida"


> Lately I've had a bunch of attempts to GET a file called "default.ida"
> from my webserver.  Seems to be an IIS thing and somebody(bodies) trying
> to crack or otherwise hammer on the server.
>
> Just curious to know what this "default.ida" file is supposed to
> do/contain, and any suggestions for attaching something nasty to/in
> it... ;-)
>
> -- 
> mike morris
> cOcO software
>
> email: mike.morris (at) cocosoft . co . za
>         mike.morris (at) coco-technologies . co . za
>
> ph:    (Local) 044 388 4635
>         (Int'l) +27 44 388 4635
>
> ----- A day without chillies is a day wasted ------
>
>





More information about the Clug-chat mailing list