Have you seen curious requests for "/default.ida?NNN..." (or the variant with "XXX" padding instead of "NNN") in your website access logs? Well, congrats! That probably means some IIS webservers infected with the "red alert" virus tried to infect your website. Think of it as the computer equivalent of receiving a big, sloppy, and unsolicited kiss from some random drunk staggering around a bar, stoned out of his/her mind. Also imagine that the drunk is only tempted by people he/she thinks are named "Bill" for some reason. Probably some awful memory about a tortured childhood... So pucker up(!) if you are running Windows/IIS, 'cause that drunk radar sees a big blinking B-I-L-L on your forehead! People named Apache or UNIX can continue to drink quietly without worrying too much. But they still may want to watch out for all the drunks writhing on the floor, unable to stand, on the way out. If enough of them litter the place, it might be hard to get out the door!
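One way to pull these requests out of an access log and tally the hosts that sent them, as an added example that is not part of the original page. It assumes Apache Common Log Format and treats a run of at least eight "N" or "X" characters after "/default.ida?" as the padding (the threshold is an assumption); the sample lines are constructed, with documentation addresses and shortened padding.

```python
import re
from collections import Counter

# Constructed sample lines in Common Log Format (not real log data).
SAMPLE_LOG = """\
192.0.2.10 - - [19/Jul/2001:14:02:11 -0700] "GET /default.ida?NNNNNNNNNNNNNNNNNNNNNNNN HTTP/1.0" 404 276
198.51.100.7 - - [04/Aug/2001:09:15:40 -0700] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXX HTTP/1.0" 404 276
192.0.2.10 - - [19/Jul/2001:16:45:02 -0700] "GET /default.ida?NNNNNNNNNNNNNNNNNNNNNNNN HTTP/1.0" 404 276
203.0.113.5 - - [19/Jul/2001:17:00:00 -0700] "GET /index.html HTTP/1.0" 200 5120
203.0.113.9 - - [19/Jul/2001:17:05:00 -0700] "GET /default.ida?name=N HTTP/1.0" 404 276
this line is not a log entry
"""

# Remote host is the first field; the request path follows the method.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "[A-Z]+ (\S+)')
# Padding run directly after "/default.ida?"; minimum length 8 is an assumption
# chosen so that an ordinary query such as "?name=N" does not match.
PROBE_RE = re.compile(r'^/default\.ida\?(N{8,}|X{8,})')


def find_probes(log_text):
    """Return {"N": Counter, "X": Counter} mapping source host -> hit count."""
    hits = {"N": Counter(), "X": Counter()}
    for line in log_text.splitlines():
        entry = LINE_RE.match(line)
        if not entry:
            continue  # malformed or non-CLF line
        host, path = entry.groups()
        probe = PROBE_RE.match(path)
        if probe:
            variant = probe.group(1)[0]  # "N" or "X" padding variant
            hits[variant][host] += 1
    return hits


def unique_sources(hits):
    """Sorted list of every host that sent either padding variant."""
    return sorted(set(hits["N"]) | set(hits["X"]))


if __name__ == "__main__":
    result = find_probes(SAMPLE_LOG)
    for variant, counter in result.items():
        for host, count in counter.most_common():
            print(f"{variant}-padding  {host}  {count} request(s)")
    print("unique sources:", unique_sources(result))
```
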
 
Here is a list of compromised systems that have connected to Nihilon.Com and tried to infect it with the virus. Luckily for me, I'm on a UNIX box, so the end result was just a few bogus entries in a log file. Sorry to be such a party-pooper... Some of the addresses listed are obviously dynamically assigned by users' ISPs, so the URLs may very well lead back to different servers by now.
Summary by country
1. US: 321
2. Korea: 40
3. Canada: 21
4. Mexico: 15
5. Japan: 9
6. China: 9
7. Taiwan: 5