Re: [Full-Disclosure] Wanted: Sasser executable and derivatives

From: Steve Kudlak (chromazine_at_sbcglobal.net)
Date: 06/29/04

  • Next message: William Warren: "Re: [Full-Disclosure] Microsoft and Security"
    To: James Riden <j.riden@massey.ac.nz>, fulldis list <full-disclosure@lists.netsys.com>
    Date: Mon, 28 Jun 2004 18:38:25 -0700
    
    

    I look at what my antivirus things catch and what sentinare catches on
    my formal account. Sentinare is pretty good with all this stuff. I have
    not seen Sasser. I have seen Swen and BAGLE and IRCBOT.
    The IRCBots stopped when I turnd off sharing on pretty much everything.
    I was sharing files between my main Win2k machine and the virtua;
    Red Hat Linux I have been working with.

    Have Fun,
    Sends Steve

    James Riden wrote:

    >Syke <syke@mantissecurity.net> writes:
    >
    >
    >
    >
    >> Wouldn't it be easier to use honeyd(www.honeyd.org) with an LSASS or
    >>mydoom script? That way you can just check the logs for the binaries
    >>that were uploaded?
    >>
    >>
    >
    >Yes, because you'll get an awful lot more than Sasser if you put an
    >unpatched Win32 machine on the 'net. Even if you just leave off the
    >MS04-011 patch, you could get other things, such as Korgo and Agobot
    >variants IIRC.
    >
    >cheers,
    > Jamie
    >
    >

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html


  • Next message: William Warren: "Re: [Full-Disclosure] Microsoft and Security"