what is the .ida file extension, and why is someone looking for it at my server?
Nov 15th, 2001 17:21
Anthony Boyd, blue rose,
You probably saw requests like this:
Well, that is the Code Red virus, trying to break into your server.
Code Red was very indiscriminate -- it would try to find that file on
any Web server, even though only IIS servers could be hacked by it.
What was happening was that Code Red had broken into some clueless
person's computer. It then used that clueless person's computer to
attempt to break into your computer. You are not clueless, you are
running Apache. So the attack did nothing to you.
If you had been clueless, that string of X's (or N's) would be Code
Red's attempt to overflow the buffer of the default.ida file, which
typically is available on IIS servers. Once overflowed, it would be
able to infect the computer running IIS. Finally, at pre-scheduled
dates, all the infected computers on the Internet would attempt a DoS
attack on the whitehouse Web site. DoS = Denial of Service (basically,
flooding the whitehouse Web site with bogus requests).