Re: [Full-Disclosure] Wanted: Sasser executable and derivatives
From: Steve Kudlak (chromazine_at_sbcglobal.net)
Date: 06/29/04
- Previous message: Nancy Kramer: "RE: [Full-Disclosure] Microsoft and Security"
- In reply to: James Riden: "Re: [Full-Disclosure] Wanted: Sasser executable and derivatives"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: James Riden <j.riden@massey.ac.nz>, fulldis list <full-disclosure@lists.netsys.com> Date: Mon, 28 Jun 2004 18:38:25 -0700
I look at what my antivirus things catch and what sentinare catches on
my formal account. Sentinare is pretty good with all this stuff. I have
not seen Sasser. I have seen Swen and BAGLE and IRCBOT.
The IRCBots stopped when I turnd off sharing on pretty much everything.
I was sharing files between my main Win2k machine and the virtua;
Red Hat Linux I have been working with.
Have Fun,
Sends Steve
James Riden wrote:
>Syke <syke@mantissecurity.net> writes:
>
>
>
>
>> Wouldn't it be easier to use honeyd(www.honeyd.org) with an LSASS or
>>mydoom script? That way you can just check the logs for the binaries
>>that were uploaded?
>>
>>
>
>Yes, because you'll get an awful lot more than Sasser if you put an
>unpatched Win32 machine on the 'net. Even if you just leave off the
>MS04-011 patch, you could get other things, such as Korgo and Agobot
>variants IIRC.
>
>cheers,
> Jamie
>
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Previous message: Nancy Kramer: "RE: [Full-Disclosure] Microsoft and Security"
- In reply to: James Riden: "Re: [Full-Disclosure] Wanted: Sasser executable and derivatives"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
