RE: Exploit or trojan

From: Myers, Mike (Mike.Myers_at_nwdc.ibs-lmco.com)
Date: 12/19/03


Date: Fri, 19 Dec 2003 13:56:40 -0800
To: "Gil Disatnik" <gil@disatnik.com>, focus-sun@securityfocus.com

I might point out that the Sun fingerprint database can be of great assistance in a case like this. Sun has provided an interface to check MD5 checksums of all (well, most) binaries they have ever distributed either as patches or as core OS pieces.

The interface isn't great for mass checking of files (web form with max of 255 entries at a time) but it's a place to start:

http://sunsolve.sun.com/pub-cgi/fileFingerprints.pl

Cheers,
 - Mike Myers, Mike.Myers <at> nwdc.net