I had a look at my Apache access logs and found a whole bunch of lines like these:

216.133.xxx.xxx - - [06/Mar/2004:18:36:02 +0100] “\x870″ 501 -
220.130.xxx.xxx - - [06/Mar/2004:20:58:33 +0100] “Y\x14\xdc\xa4N\x90T\xe22rRY5Q” 501 -
67.68.xxx.xxx - - [07/Mar/2004:01:04:54 +0100] “e\xc6\xed.\xfeE\xa8+\xcc\x0f\xe3\xbeu\xe3″ 501 -

Tons and tons of them. They clearly have a common pattern — groups of three letters/numbers separated by slashes, sometimes with additional characters in the letter groups.

Does anyone have any idea what this junk is? The first one appeared in the log on Feb. 27th, and the log is crawling with them since then, with IP addresses from all over the place.

I’m guessing it’s a recent worm, given the current virus war between stupid asshats who appear to have an average age of 11½.