Re: Bobax and Kibuv

[Tobias Weisserth <tobias () weisserth de>]

Hi "joe smith",

On Mon, 2004-05-24 at 17:09, joe smith wrote:
> Does anyone have a capture sample of Bobax and Kibuv?  I'm doing an 
> analysis it.  I search around and come up empty.  Any variant is fine.

I can't understand why it seems so hard to catch samples of worms that
knock at my firewall 24/7.

Just open the corresponding ports and forward them to a vulnerable
machine on a different subnet (DMZ) and let the worms infect a machine
you designated for this purpose.

If you really want to analyse the virus you should be able and have the
capacities to catch it out of the wild. You won't miss it. Believe me.

And if that's impossible, then contact your antivirus company of choice
and ask them. If you have a convincing reason then they'll gladly
provide ;-)

This list is not a supply warehouse for dubious "researchers" after all.

regards,
Tobias

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html