Full Disclosure mailing list archives
Re: Re: Re: DoomJuice.A, Mydoom.A source code
From: "Filipe A." <incognito () patria ath cx>
Date: Wed, 11 Feb 2004 04:40:11 +0000 (WET)
On Tue, 10 Feb 2004, Riad S. Wahby wrote:
> As for the code, have you tried catching the bug with a honeypot? I heard of people using netcat listening on port 3127 to catch the bug...
>
> To be honest, I didn't expect this to work, but before I left my office last night I decided I may as well try it. To my great surprise, I came in this morning and found that I had "caught one" within minutes of opening the port. Quite im(de?)pressive.

I've done that and after 12 hours I had about 27 files. 8 of them were unique both in size and content. I've identified the one that drops the .tbz with source code but that leaves me with another 7 different files.

Question is, how many things are out there piggybacking on Mydoom's backdoor? And now that the source code is public, many more will emerge in the next few days...

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
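
A capture listener of the kind discussed in this thread, as an added example that is not part of either poster's message: it accepts connections on port 3127, stores each payload under its SHA-256 digest and reports duplicates, so a tally such as "27 files, 8 unique" can be read straight from the capture directory. Hashing replaces the size-and-content comparison mentioned above; the size cap, timeout and directory name are assumptions.

```python
import hashlib
import os
import socket

PORT = 3127           # port named in the thread
MAX_BYTES = 8 << 20   # assumed per-connection cap so one peer cannot fill the disk
IDLE_SECS = 30        # assumed read timeout for stalled senders

def store_capture(data, outdir):
    """Write data to outdir/<sha256>.bin once; return (digest, is_new)."""
    digest = hashlib.sha256(data).hexdigest()
    path = os.path.join(outdir, digest + ".bin")
    if os.path.exists(path):
        return digest, False
    # Mode 0o400: samples are stored read-only and never executable.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o400)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return digest, True

def read_all(conn, limit=MAX_BYTES):
    """Read until the peer closes, the timeout fires, or limit bytes arrive."""
    conn.settimeout(IDLE_SECS)
    chunks, total = [], 0
    try:
        while total < limit:
            chunk = conn.recv(min(65536, limit - total))
            if not chunk:
                break
            chunks.append(chunk)
            total += len(chunk)
    except OSError:   # timeout or reset: keep whatever was received
        pass
    return b"".join(chunks)

def serve(outdir, host="0.0.0.0", port=PORT):
    """Accept one connection at a time and log each capture."""
    os.makedirs(outdir, exist_ok=True)
    with socket.create_server((host, port)) as srv:
        while True:
            conn, peer = srv.accept()
            with conn:
                data = read_all(conn)
            if data:
                digest, is_new = store_capture(data, outdir)
                print(peer[0], len(data), digest, "new" if is_new else "duplicate")

if __name__ == "__main__":
    serve("captures")   # assumed directory name
```

Run it on an isolated host; the stored files are untrusted samples and should only be opened in an analysis environment.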