Re: CIAC TECH BULLETIN: 04-001 Remote Detection of the Mydoom.A Worm
From: Tedd Riggs (T_Riggs_at_MSN)
Date: 02/02/04
- Next message: Jim Macklin: "Re: which anti-virus???"
- Previous message: anonymous_at_discussions.microsoft.com: "Re: which anti-virus???"
- In reply to: Bill Sanderson: "Re: CIAC TECH BULLETIN: 04-001 Remote Detection of the Mydoom.A Worm"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 2 Feb 2004 06:25:54 -0800
I think they are both valid, the one direct from the site is the
"mass-mailing" version I believe, as it's marked:
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2
and David's is, I believe, the direct mailing version.
-----BEGIN PGP SIGNATURE-----
Version: PGP for Business Security 5.5.2
However, it's been years since I did much with PGP, so I could be way off
also...
Tedd
--
Tedd Riggs
PDA Square Content Developer
www.pdasquare.com

"Bill Sanderson" <Bill_Sanderson@msn.com.plugh.org> wrote in message
news:ue9KU2S6DHA.2560@TK2MSFTNGP09.phx.gbl...
> Help me out.
>
> Just when I thought I understood how to verify PGP-signed messages, I get
> this result with this one:
>
> *** PGP Signature Status: bad
> *** Signer: CIAC <ciac@llnl.gov>
> *** Signed: 1/30/2004 7:33:10 PM
> *** Verified: 2/1/2004 8:19:37 PM
> *** BEGIN PGP VERIFIED MESSAGE ***
>
> (What am I doing wrong?)
>
> I've obtained the key from:
> http://www.ciac.org/ciac/index.html (upper right corner)
> and it shows as both valid and trusted in my keyring.
>
> I've been able to verify the last CERT advisory, so I thought I was
> beginning to know what I was doing, but.....
>
> (and this isn't really addressed to David Lipman--but to all those here who
> can help us out in understanding how to properly verify such a post)
>
> "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
> news:eHb7K%23R6DHA.2908@tk2msftngp13.phx.gbl...
> > From: CIAC Mail User [SMTP:ciac@ciac.org]
> > To: tech-bulletin-list@rum.llnl.gov
> > Cc:
> >
> > Subject: CIAC TECH BULLETIN: 04-001 Remote Detection of the Mydoom.A Worm
> > Sent: 1/30/2004 7:33 PM
> > Importance: Normal
> > -----BEGIN PGP SIGNED MESSAGE-----
> >
> > __________________________________________________________
> >
> > The U.S. Department of Energy
> > Computer Incident Advisory Capability
> > ___ __ __ _ ___
> > / | /_\ /
> > \___ __|__ / \ \___
> > __________________________________________________________
> >
> > TECHNICAL BULLETIN
> >
> > Remote Detection of the MyDoom.A Worm
> >
> > January 31, 2004 00:00 GMT Number CIACTech04-001
> > _____________________________________________________________
> > PROBLEM: Before systems containing the MyDoom.A worm can be cleaned,
> > they must be detected. As running a scanner on each system
> > can be difficult and time consuming, a method of remote scanning
> > for infected machines is needed.
> > PLATFORM: Doomkill.vbs runs on a Windows platform. Nmap can run on many
> > platforms.
> > ABSTRACT: The Mydoom worm is probably the fastest growing worm so far.
> > The only way to stop it is to detect the infected systems and
> > clean them up. Unfortunately, running a scanner on each system
> > is difficult and time consuming so a method of remote
> > detection is preferable. In this paper, two members of the FIRST
> > community (www.first.org) have made available remote scanners
> > for detecting Mydoom.A. The first is a configuration file for
> > the nmap scanner (www.insecure.org) which uses its
> > application detection capability to detect Mydoom.A running
> > on port 3127.
> > The second is a vbscript program that uses WMI to detect the
> > linkages between Mydoom and .dll files on the system.
> > ________________________________________________________
> > LINKS:
> > CIAC BULLETIN: http://www.ciac.org/ciac/techbull/CIACTech04-001.shtml
> > OTHER LINKS: Doomkill.zip:
> > http://www.ciac.org/ciac/techbull/doomkill.zip
> > _________________________________________________________
> >
> > _________________________________________________________
> > The Computer Incident Advisory Capability
> > ___ __ __ _ ___
> > / | / \ /
> > \___ __|__ /___\ \___
> > __________________________________________________________
> > The U.S. Department of Energy's Computer Incident Response Team
> > Lawrence Livermore National Lab P.O. Box 808, L-303 Livermore, CA 94551
> > CIAC Phone: 925-422-8193, Fax: 925-423-8002 E-mail: ciac@llnl.gov
> > __________________________________________________________
> >
> > -----BEGIN PGP SIGNATURE-----
> > Version: PGP for Business Security 5.5.2
> >
> > iQCVAwUBQBr3xrnzJzdsy3QZAQF74AP/YT393n78DL+Fe7rvY6B3qALrmAznstr1
> > xIDTeCdnKmgMHZ/OZZSbadBo4QjFQRv92uDilHbcApYxeSVNgYDsMR/CIFiy+gt9
> > 2IDb3jxAnbQOfnwI7WNVsI3ofEQnqS65ssXc9kg2X/qhib1o2b1j8cvdCrn/dFsm
> > tfGPPUa4+oE=
> > =oPlR
> > -----END PGP SIGNATURE-----
> >
> > CIAC LIST: 12
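
Added example, not part of the original thread or of CIAC's tooling: a sketch of how the text of a clearsigned message is canonicalized before it is hashed under the OpenPGP cleartext signature framework, showing which changes made in transit alter the signed text and which do not. The sample message and all function names are constructed for illustration, and the page does not establish what caused the "bad" status reported above.

```python
import hashlib

BEGIN_MSG = "-----BEGIN PGP SIGNED MESSAGE-----"
BEGIN_SIG = "-----BEGIN PGP SIGNATURE-----"
VERSION = "Version: PGP for Business Security 5.5.2"

# Constructed sample (not the CIAC bulletin); the signature data is a placeholder.
SAMPLE = "\n".join([
    BEGIN_MSG, "",
    "PROBLEM: Infected systems must be detected before they can be   ",
    "cleaned, so a method of remote scanning is needed.",
    "- ---- end of constructed sample ----",
    BEGIN_SIG, VERSION, "",
    "PLACEHOLDER-SIGNATURE-DATA",
    "-----END PGP SIGNATURE-----", "",
])

def split_clearsigned(text):
    """Return (signed_lines, signature_armor_headers) of a clearsigned message."""
    lines = text.replace("\r\n", "\n").split("\n")
    start, sig = lines.index(BEGIN_MSG), lines.index(BEGIN_SIG)
    body_start = lines.index("", start) + 1   # blank line ends the "Hash:" headers
    hdr_end = lines.index("", sig)            # blank line ends the armor headers
    headers = dict(h.split(": ", 1) for h in lines[sig + 1:hdr_end])
    return lines[body_start:sig], headers

def canonical_text(signed_lines):
    """Signed text as hashed: dash-escapes undone, trailing blanks cut, CRLF joins."""
    out = []
    for line in signed_lines:
        if line.startswith("- "):
            line = line[2:]
        out.append(line.rstrip(" \t"))
    return "\r\n".join(out).encode("utf-8")

def text_digest(text):
    """SHA-1 of the canonical text only; a real verifier also hashes a signature trailer."""
    body, _ = split_clearsigned(text)
    return hashlib.sha1(canonical_text(body)).hexdigest()

def demo():
    """Map each transit change to True if it alters the digest of the signed text."""
    base = text_digest(SAMPLE)
    variants = {
        "crlf_line_endings": SAMPLE.replace("\n", "\r\n"),
        "trailing_spaces_stripped": SAMPLE.replace("be   \n", "be\n"),
        "version_header_rewritten": SAMPLE.replace(VERSION, "Version: 2.6.2"),
        "line_rewrapped": SAMPLE.replace("can be   \ncleaned,", "can\nbe cleaned,"),
    }
    return {name: text_digest(v) != base for name, v in variants.items()}

if __name__ == "__main__":
    print(demo())
```

Only the re-wrapped variant changes the digest; the armor headers of the signature block, such as `Version:`, sit outside the signed text.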