Re: [Full-Disclosure] Wanted: Sasser executable and derivatives
From: Steve Kudlak (chromazine_at_sbcglobal.net)
To: James Riden <firstname.lastname@example.org>, fulldis list <email@example.com> Date: Mon, 28 Jun 2004 18:38:25 -0700
I look at what my antivirus things catch and what sentinare catches on
my formal account. Sentinare is pretty good with all this stuff. I have
not seen Sasser. I have seen Swen and BAGLE and IRCBOT.
The IRCBots stopped when I turnd off sharing on pretty much everything.
I was sharing files between my main Win2k machine and the virtua;
Red Hat Linux I have been working with.
James Riden wrote:
>Syke <firstname.lastname@example.org> writes:
>> Wouldn't it be easier to use honeyd(www.honeyd.org) with an LSASS or
>>mydoom script? That way you can just check the logs for the binaries
>>that were uploaded?
>Yes, because you'll get an awful lot more than Sasser if you put an
>unpatched Win32 machine on the 'net. Even if you just leave off the
>MS04-011 patch, you could get other things, such as Korgo and Agobot
Full-Disclosure - We believe in it.