code red---- on system that is already (and has been) patched

From: Sandy Ryan <sryan(at)seewolf.com>
Date: Mon Mar 03 2003 - 11:47:00 EST

('binary' encoding is not supported, stored as-is)

well - I doubt that the log is right - because I think the 200 implies that its not infected - by when my customer sees his report - and path taken through the site he sees worm.com

here's the log (simplified to get through the moderator) GET /default.ida

NN----NN%u9090%u6858%ucbd3%u7801...%u9090%u9090%u8190%u00c3%u0003%u8b00% u531b%u53ff%u0078%u0000%u00=a 200 0 206 4039 266 HTTP/1.0 [you know the url]- - - Received on Mon Mar 3 14:25:59 2003