> Anyway, here's what I've done on my own system (not on a cable modem):
>
> Add `.ida' to the PHP mime/type in httpd.conf
>
> AddType application/x-httpd-php .php .php4 .ida
>
> and created a file named `default.ida' that attempts to connect back to
> CR2-infected systems and pop up a warning with the `net send' command.
>
> Of course, I have no way to test it.
>
> http://www.tc.umn.edu/~hick0088/files/defaultida.txt

It won't work. I've tried it. Apache sees the garbage that is the virus body, and responds with a Bad Request error, and won't even touch any CGI you try and get it to run.

What you need to do is make a daemon that watches Apache's logfiles for codered hits and responds in whatever way you'd like.
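
The log-watching approach suggested in the reply, as an added example (not code from either poster): it assumes Apache's Common Log Format, identifies hits by the long run of `N` (Code Red) or `X` (Code Red II) padding after `/default.ida?`, and only records the source address. The 32-character threshold, the function names and the sample lines are constructed for illustration.

```python
import re
import sys
import time
from collections import Counter

# Common Log Format prefix: client address, identd, user, [timestamp], "request line"
CLF = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]*\] "(?P<request>[^"]*)"')
# The worm pads the /default.ida query string with one filler letter:
# 'N' for the original Code Red, 'X' for Code Red II (CR2).
# Assumption: 32 or more filler characters separates worm traffic from real queries.
HIT = re.compile(r'GET /default\.ida\?(?P<pad>N{32,}|X{32,})')
VARIANT = {"N": "codered", "X": "codered2"}

def classify(line):
    """Return (client_ip, variant) for a Code Red hit, or None for any other line."""
    m = CLF.match(line)
    hit = m and HIT.match(m.group("request"))
    if not hit:
        return None
    return m.group("ip"), VARIANT[hit.group("pad")[0]]

def tally(lines):
    """Count hits per (client_ip, variant) over an iterable of log lines."""
    return Counter(r for r in map(classify, lines) if r)

def follow(path, poll=1.0):
    """Yield lines appended to path, like `tail -f` (log rotation is not handled)."""
    with open(path, errors="replace") as f:
        f.seek(0, 2)  # start at end of file so only new hits are reported
        while True:
            line = f.readline()
            if line:
                yield line
            else:
                time.sleep(poll)

# Constructed sample lines: documentation addresses, payload replaced by "=a".
LINE = '%s - - [05/Aug/2001:10:00:01 -0500] "GET %s HTTP/1.0" %d 320'
SAMPLE = [
    LINE % ("192.0.2.10", "/default.ida?" + "X" * 224 + "=a", 400),
    LINE % ("192.0.2.10", "/default.ida?" + "X" * 224 + "=a", 400),
    LINE % ("198.51.100.7", "/default.ida?" + "N" * 224 + "=a", 400),
    LINE % ("203.0.113.5", "/default.ida?id=1", 404),
    LINE % ("203.0.113.5", "/index.html", 200),
]

if __name__ == "__main__":
    source = follow(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE
    for hit in filter(None, map(classify, source)):
        print("%s %s" % hit)
```

Run with the access log path as the only argument to watch a live log; with no argument it classifies the constructed sample lines.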