Gator

#1 msteudel

Posted 10 June 2004 - 01:53 PM

I apologize if this is not appropriate for this thread ...

Looking in my weblogs, one of the highest hits of an IP on my server shows up as the following:

217.42.1.127 - - [10/Jun/2004:08:02:17 -0500] "GET /gatorcme/core/appllist.zip HTTP/1.1" 302 1495 "-" "Gator/5.0 Blast Thread {DDC21BA0-B3E8-11D8-95DE-F157BB5CD730}"
217.42.1.127 - - [10/Jun/2004:08:02:18 -0500] "GET /index.html HTTP/1.1" 200 11821 "-" "Gator/5.0 Blast Thread {DDC21BA0-B3E8-11D8-95DE-F157BB5CD730}"

217.42.1.127 - - [10/Jun/2004:08:02:16 -0500] "GET /gatorcme/core/syscfg.zip HTTP/1.1" 302 1495 "-" "Gator/5.0 Blast Thread {DDC21BA0-B3E8-11D8-95DE-F157BB5CD730}"
217.42.1.127 - - [10/Jun/2004:08:02:16 -0500] "GET /index.html HTTP/1.1" 200 11821 "-" "Gator/5.0 Blast Thread {DDC21BA0-B3E8-11D8-95DE-F157BB5CD730}"


Gator is usually associated with spyware; are these entries related? Or is this something else?

Thanks, Mark

#2 Tuxedo Jack

Posted 10 June 2004 - 03:56 PM

CME is a core component of Gator and often shows up with it in logs.

From the look of this, it seems that someone's Gator software is recalling data for fields on your index.html page, which it then inputs for the user.
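Added example, not part of either post: a short Python filter that pulls Gator client traffic out of an access log and groups it by client IP, so a site owner can see which visitors' machines are running the software and what they requested. It assumes the Apache combined log format and treats the `Gator/` user-agent prefix and the `/gatorcme/` path seen in the post as the indicators; the function and variable names are hypothetical, the first two sample lines are copied from the post and the third is constructed.

```python
import re
from collections import defaultdict

# Apache combined format: host ident user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\S+) '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)
# The braces-wrapped identifier that follows "Blast Thread" in the user-agent.
GUID_RE = re.compile(r'\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}')


def summarize_gator_hits(lines):
    """Return {client_ip: {"guids": set, "requests": [(path, status), ...]}}."""
    hits = defaultdict(lambda: {"guids": set(), "requests": []})
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a combined-format line; ignore it
        agent, path = m["agent"], m["path"]
        # Indicators taken from the post: user-agent prefix or the gatorcme path.
        if not (agent.startswith("Gator/") or path.startswith("/gatorcme/")):
            continue
        entry = hits[m["ip"]]
        entry["guids"].update(GUID_RE.findall(agent))
        entry["requests"].append((path, int(m["status"])))
    return dict(hits)


SAMPLE = [
    # Copied from the post above.
    '217.42.1.127 - - [10/Jun/2004:08:02:17 -0500] "GET /gatorcme/core/appllist.zip HTTP/1.1" '
    '302 1495 "-" "Gator/5.0 Blast Thread {DDC21BA0-B3E8-11D8-95DE-F157BB5CD730}"',
    '217.42.1.127 - - [10/Jun/2004:08:02:18 -0500] "GET /index.html HTTP/1.1" '
    '200 11821 "-" "Gator/5.0 Blast Thread {DDC21BA0-B3E8-11D8-95DE-F157BB5CD730}"',
    # Constructed ordinary browser request (documentation IP range); must not be flagged.
    '192.0.2.10 - - [10/Jun/2004:08:05:00 -0500] "GET /index.html HTTP/1.1" '
    '200 11821 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"',
]

if __name__ == "__main__":
    for ip, info in summarize_gator_hits(SAMPLE).items():
        print(ip, sorted(info["guids"]), info["requests"])
```

The 302 on the `/gatorcme/` request followed by a 200 on `/index.html` shows the server redirecting a path it does not have, which is why the same client appears twice per fetch in the original log.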
