Penetration Testing mailing list archives
RE: Exploiting a Worm
From: "Drage, Nick" <nick.drage () eds com>
Date: Fri, 16 Sep 2005 12:35:20 +0100
Does anyone knows a way to exploit this worm to get accessto the system? Maybe it's just me, but I'd worry more about letting the client know they have an infected and owned system on their network than trying to figure out if I could further exploit it. Especially if it's likely that the infection is actively being used by someone.
It's not just you, I would expect that the customer doesn't care whether the malware can be exploited or not. I thought it was standard practice to notify the customer immediately of the presence of such software so it can be removed or so the machine can be rebuilt, yes? -- Nick Drage EDS UK Penetration Testing Team ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- Exploiting a Worm Ian Gizak (Sep 14)
- Re: Exploiting a Worm Paul Robertson (Sep 15)
- Re: Exploiting a Worm Craig Holmes (Sep 15)
- Re: Exploiting a Worm Marco Monicelli (Sep 15)
- <Possible follow-ups>
- Exploiting a Worm Ian Gizak (Sep 14)
- RE: [Full-disclosure] Exploiting a Worm Aditya Deshmukh (Sep 14)
- Re: [Full-disclosure] Exploiting a Worm Dave Dittrich (Sep 14)
- Re: [Full-disclosure] Exploiting a Worm Karma (Sep 14)
- RE: Exploiting a Worm Drage, Nick (Sep 16)