error log entries

cdnmama

4:31 am on Jul 2, 2004 (gmt 0)

Hello... while checking my error log through cPanel, I see these 3 entries and I have no idea why they are there.

[Thu Jul 1 21:43:57 2004] [error] [client 66.194.6.79] File does not exist: /***/***/public_html/sjdif.exe
[Thu Jul 1 20:09:01 2004] [error] [client 66.194.6.74] File does not exist: /***/***/public_html/sjdif.exe
[Thu Jul 1 20:05:39 2004] [error] [client 66.194.6.75] File does not exist: /***/***/public_html/sjdif.exe

I did a search on sjdif.exe and found this page...
[sophos.com...]

Would anyone know why these entries appear in the error log? Thanks for any help :)

Deb

RammsteinNicCage

2:33 pm on Jul 2, 2004 (gmt 0)

I just found four hits for this too.

Jennifer

D_Blackwell

4:08 pm on Jul 2, 2004 (gmt 0)

I've seen it a dozen times today. None yesterday. Found a small, and not illuminating, reference about infected sites taking advantage of IE.

cdnmama

7:06 pm on Jul 2, 2004 (gmt 0)

I have never seen these in the error log before yesterday. Found 3 more of them today. Hopefully it's not a bad thing trying to get into the server.

Deb

D_Blackwell

4:57 am on Jul 3, 2004 (gmt 0)

Eweek [eweek.com]
How does one know if their site is compromised and serving up more trouble?

cdnmama

4:58 am on Jul 3, 2004 (gmt 0)

I found some more information on this trojan from [cleverhack.com...]

sjdif.exe trojan
Blogged under: Tech — joy @ 12:25 am
Host: 66.194.6.79
Url: /sjdif.exe
Http Code : 403
Date: Jul 02 00:03:35
Http Version: HTTP/1.1?
Size in Bytes: 1010
Referer: -
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Q312462)

This exploit appears to be new and affecting Windows machines running Internet Explorer. As of this writing, Google only returned a few hits for the sjdif.exe file. According to this Sophos information page [sophos.com...] the sjdif.exe file is a downloading component of the Troj/Ovedil-B Trojan.

The interesting part is that a client browser was hitting my site, apparently searching for a copy of the sjdif.exe file and the Sophos information page makes no mention of the infection being *spread* by client machines. Perhaps this is a new, distributed version of the trojan?

Update: An NTBugtraq message with details about the trojan.
BHO Trojan follow-up information
[archives.neohapsis.com...]
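The "File does not exist" lines quoted in the first post, and the matching request record quoted from cleverhack.com above, are both the same pattern: several unrelated client addresses asking a content site for one executable it never hosted. The script below is an added example, not code from the thread or from any of the linked pages. It parses Apache error-log lines of that shape, groups the 404s for executable-looking filenames by requesting client, and then checks whether any of the probed filenames actually exists under the document root, which is the question raised further up the thread: a server that is logging the request as missing is not serving the dropper, whereas a server that has the file would answer the request and never write this error line at all. The sample log, the /home/site path and the 192.0.2.10 client are constructed for the example.

```python
"""Triage Apache error-log entries for trojan-dropper probes (added example)."""
import re
from collections import defaultdict
from pathlib import Path

# Apache 1.3/2.x error-log line written when a requested path is not on disk.
ERROR_LINE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[error\] \[client (?P<ip>[^\]]+)\] "
    r"File does not exist: (?P<path>\S+)$"
)

# Extensions a browser has no business fetching from a content site; a burst of
# 404s for the same .exe from many clients is the pattern seen in the thread.
SUSPECT_EXTS = (".exe", ".scr", ".pif", ".com", ".bat")

# Constructed sample log modelled on the three lines quoted in the first post.
# The /home/site path, the favicon line and the 192.0.2.10 client are invented.
SAMPLE_ERROR_LOG = """\
[Thu Jul 1 21:43:57 2004] [error] [client 66.194.6.79] File does not exist: /home/site/public_html/sjdif.exe
[Thu Jul 1 20:09:01 2004] [error] [client 66.194.6.74] File does not exist: /home/site/public_html/sjdif.exe
[Thu Jul 1 20:05:39 2004] [error] [client 66.194.6.75] File does not exist: /home/site/public_html/sjdif.exe
[Thu Jul 1 19:58:02 2004] [error] [client 192.0.2.10] File does not exist: /home/site/public_html/favicon.ico
[Thu Jul 1 19:50:11 2004] [notice] Apache/1.3.31 (Unix) configured -- resuming normal operations
"""


def parse_missing_file_entries(log_text):
    """Return (timestamp, client_ip, path) for every 'File does not exist' line."""
    entries = []
    for line in log_text.splitlines():
        m = ERROR_LINE.match(line)
        if m:
            entries.append((m.group("ts"), m.group("ip"), m.group("path")))
    return entries


def find_probes(entries, suspect_exts=SUSPECT_EXTS):
    """Keep only 404s for executable-looking filenames, grouped by basename.

    Returns {filename: [sorted client IPs]} so one glance shows how many
    distinct clients asked for the same dropper.
    """
    probes = defaultdict(set)
    for _ts, ip, path in entries:
        name = Path(path).name
        if name.lower().endswith(suspect_exts):
            probes[name].add(ip)
    return {name: sorted(ips) for name, ips in probes.items()}


def files_present(docroot, names):
    """Names that DO exist under docroot.

    Such a file would be served with 200 rather than logged as missing, so any
    hit here means the site itself is hosting the component being probed for.
    """
    docroot = Path(docroot)
    return sorted(n for n in names if (docroot / n).is_file())


def triage(log_text, docroot):
    """Full pass: parse the log, pick out dropper probes, check the docroot."""
    probes = find_probes(parse_missing_file_entries(log_text))
    return {"probes": probes, "present": files_present(docroot, probes)}


if __name__ == "__main__":
    import tempfile

    # An empty temporary directory stands in for public_html.
    with tempfile.TemporaryDirectory() as docroot:
        report = triage(SAMPLE_ERROR_LOG, docroot)
        for name, ips in report["probes"].items():
            print(f"{name}: requested by {len(ips)} client(s): {', '.join(ips)}")
        print("present in docroot:", report["present"] or "none")
```

Run it against the real file with `triage(open("/path/to/error_log").read(), "/path/to/public_html")`; only the `present` list is an alarm, the `probes` list is the noise the thread is describing.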