Re: recommendation on an exploit and malicious software

From: Ian Jones (roux@attbi.com)
Date: 05/25/02


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

"Nico Kadel-Garcia" <nkadel@bellatlantic.net> writes:

>> > I am working on an assignment on analysis of an exploit and malicious
>> > software on platform NT or Linux --- not any famous one, must be
>> > something new, any recommendations?
>> >
>> Why not do an analysis of a worm like nimda (win), code red(win),
>> ramen(linux) or 1i0n(linux). They are all relatively recent and well
>> documented now. If you want something "VERY NEW" see what you can find
>> on the klez worm.
>>
> Go for *old*: the Morris Worm. Show how the policies that left systems
> vulnerable to it are still in place, even worse among the Windows world than
> the UNIX world where the Morris Worm was created.

I think of greater interest to most users and even administrators are
exploits involving simple web browsing because that is currently one
of the most common uses for the internet. Start with cross site
scripting and work from there.

-----BEGIN PGP SIGNATURE-----
Comment: Keeping the world safe for geeks.

iD8DBQE876nHwBVKl/Nci0oRAivxAKDBkpqsV+nuA4AKpLdfpw6qMY3YNACfUWK1
7k41EeW2LChOMhKuOXgG8IY=
=na5V
-----END PGP SIGNATURE-----


