[Snort-users] Nice formmail.pl probes

Jim Forster jforster at ...176...
Thu Feb 28 09:13:16 EST 2002

Anyone else seeing a formmail.pl search script running around your websites?
I was hit with it from users of pacbell.net, kscable.com, BFLO.splitrock.net, shreveport.la.da.uu.net, and tc.ph.cox.net last night, over 3 different class C's.
The subject was either "w00t x.com" or "www.x.com" (x being the domain it hit) going out to their addresses.  (nice their script left me contact info anyway)  ;)
I'm guessing worm, as 90% of the 'send to' addresses were the same AOL user - the other 10% were other AOL usernames. (well, and one epimp.com address)
Sleep: A completely inadequate substitute for caffeine.

Jim Forster, jforster at ...176... on 02/28/2002
Network Administrator
RapidNet, A Golden West Company
