Bot or malware?

Forum Moderators: open

Message Too Old, No Replies

Bot or malware?

I'm seeing strange 'msoffice' access to my system

Megaclinium

8:22 pm on Mar 24, 2008 (gmt 0)

I'm seeing strange accesses in my weblog from 99.149.83.zz, which resolved to probably a DSL conx, big block.

to these URLs:

/MSOffice/cltreq.asp?UL=1&ACT=4&BUILD=2614&STRMVER=4&CAPREQ=0
/_vti_bin/owssvr.dll?UL=1&ACT=4&BUILD=2614&STRMVER=4&CAPREQ=0

this was the UA, which would mean a server of some kind likely,
or a user on an older PC.

Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"

my question, is this some kind of trojan or buffer overflow attempt ?

(these directories don't exist on the server, as not windoze)
I've 403'd the address but don't know if I should.

wilderness

9:20 pm on Mar 24, 2008 (gmt 0)

A normal visitor using one of the MS Office modules to view your web page (and save locally was well).

Many MS Word users are under the firm deception that Word has capability to do everything between walking the dog and shingling the roof ;)

Don

jdMorgan

10:30 pm on Mar 24, 2008 (gmt 0)

This is Internet Explorer with the "Web discussions" bar enabled. The discussion bar is querying your server to see if it supports "Web discussions." In IE, see View->Explorer Bar->Discuss

And as Don says, the same can be done from within Word itself when viewing a Web document -- Word then uses IE, and the behavior looks pretty much the same in your log file.

You can ignore these requests, it's just another MS rudeness that they keep asking for more proprietary files, even after the first "discussion support" file is not found.

Jim

Bewenched

4:48 am on Apr 4, 2008 (gmt 0)

MS never ceases to amaze me.

I just found the other day that you can import data from a webpage directly into excel.

Bot or malware?

I'm seeing strange 'msoffice' access to my system

Megaclinium

wilderness

jdMorgan

Bewenched

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week