Another gem from my log file --
Has anyone seen any advisory relating to an attack against ADSAdClient31.dll? I don't have this .dll (I wrote my own banner software) and I have never seen it in the wild. Parameters of the GET request passed to the (non-existant) .dll were:
Does this look like an attempted buffer-overflow attempt to anyone? Am I now dealing with someone a bit more serious or is this another cook-book expoit that I've just not seen before? Opinions? Only one hit in the log so I guess this attempt wasn't up close and personal - it was probably some sort of vulnerability scanner iterating through an IP range.GetAd?PG=HOTBOS?SC=LG? HM=04514b47584b101e551e3b4719110440696909163a45132
44d125c515a5244194149616e?LOC=I?TF=adframe?PUID=00014C60E6AC87BE?UC=1
IP origonates in Germany - Any ideas before I turn him in?
TIA for any help or ideas.
Note to script kiddies: Before you attempt this exploit to see what it does on a box with ADSAdClient31.dll installed you should know that I have subtley changed the parameters, so whatever it was meant to do it it doesn't do now
Reply With Quote