A few days after the exploit originally became widely known, there are now many different SharePoint exploit attempts in circulation. We do see some scans by researchers to identify vulnerable systems (or to scan for common artifacts of compromise), and a few variations of the “ToolPane.aspx” URL being hit. Even for our “random” honeypots, the number of hits has increased significantly without having to emulate SharePoint better.
This article has been indexed from SANS Internet Storm Center, InfoCON: green