Phishing & BotNets
java-based botnet? Mar 21 2006 06:29PM
admin (sfbotnets omni poc net)
Since January 10th of this year, I've been observing a constant flow of
unusual hits to my web server. Here is an example excerpt:

x.x.194.74 - - [21/Mar/2006:00:51:16 +0000] "GET / HTTP/1.1" 200 104 "-" "Java/1.4.1_04" "example.com" "-" "-"
x.x.195.103 - - [21/Mar/2006:06:02:03 +0000] "GET / HTTP/1.1" 200 104 "-" "Java/1.5.0_04" "example.com" "-" "-"
x.x.241.135 - - [21/Mar/2006:07:06:43 +0000] "GET / HTTP/1.1" 200 104 "-" "Java/1.4.1_04" "example.com" "-" "-"

All of the hits follow this pattern: "GET /" for the same virtual host
(sterilized to "example.com" here), with a "Java/*" user agent. So far
I've counted 330 such hits, from 232 unique (mostly dymanically-
assigned) IP addresses all over the world.

No matter what response code my server gives, these mindless bots just
keep on coming.

Has anyone else observed this phenomenon, or have any clues as to its
origins?

Thanks.

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus