Full Disclosure mailing list archives

Re: Wanted: Sasser executable and derivatives


From: Syke <syke () mantissecurity net>
Date: Sun, 27 Jun 2004 20:05:26 -0700

Bob Perriero wrote:

If you really want viruses to study, it's not so difficult to put up
an unpatched Windows system directly attached to your cable modem (no
firewall/router) and let it sit overnight. I'm sure that you will get
more viruses than you'll ever need. Then simply load up knoppix or
knoppix-std and retrieve all your files.

-Bob


----- Original Message -----
From: The Central Scroutinizer <scroutinizer () beeb net>
Date: Sat, 26 Jun 2004 17:50:00 +0100
Subject: [Full-disclosure] Wanted: Sasser executable and derivatives
To: full-disclosure () lists netsys com


Hi again,

Would you please send any executables direct to me, zipped and encoded
with a password in order to get through my e-mail anti-virus software.

Many thanks

CS

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Wouldn't it be easier to use honeyd (www.honeyd.org) with an LSASS or mydoom script? That way you can just check the logs for the binaries that were uploaded?

--
Syke, Founder of Mantis Security Networks
http://www.MantisSecurity.net
Bringing Security To New Standards
