http://norman.walsh.name/2003/05/18/crackthis 6 17 2003-05-18 $Date: 2005-09-11 10:27:02 -0400 (Sun, 11 Sep 2005) $ Norman Walsh 2003 Norman Walsh You can run, but I guess you can't hide. Joseph Conrad Conrad Joseph The belief in a supernatural source of evil is not necessary; men alone are quite capable of every wickedness. This site has been online for less than two weeks; to the best of my knowledge, it isn't publically advertised anywhere. You can imagine that I was a little bit surprised to discover entries like the following in my server log: GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX X%u9090%u6858%ucbd3%u7801%u9090%u6858%uc bd3%u7801%u9090%u6858%ucbd3%u7801%u9090% u9090%u8190%u00c3%u0003%u8b00%u531b%u53f f%u0078%u0000%u00=a They're coming from all over, at a rate of a little more than one an hour. It didn't take Google very long to tell me that this is some variant of the CodeRed Virus CodeRed virus. I knew it existed, of course, but I'd never paid it any mind. There's no Windows software around here for it to infect. I'll admit a mild curiosity Curiosity about why a GET of the form above should spread a virus, but not enough curiosity to go and find out. Malicious bastards.