Internet worm that attacks MicroSoft servers via BufferOverflow attacks. The files it attempts to attack are:
- /scripts/..%5c../winnt/system32/cmd.exe
- /scripts/root.exe
- /MSADC/root.exe
- /c/winnt/system32/cmd.exe
- /default.ida
- /d/winnt/system32/cmd.exe
- /_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe
- /_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe
- /msadc/..%5c../..%5c../..%5c/..� ../..� ../..� ../winnt/system32/cmd.exe
- /scripts/..� ../winnt/system32/cmd.exe
- /scripts/..�../winnt/system32/cmd.exe
- /scripts/..�../winnt/system32/cmd.exe
- /scripts/..%2f../winnt/system32/cmd.exe
See InternetWorms, DefaultDotIda
Nimda Worm