Full Disclosure mailing list archives
Re: Wanted: Sasser executable and derivatives
From: James Riden <j.riden () massey ac nz>
Date: Mon, 28 Jun 2004 18:17:43 +1200
Syke <syke () mantissecurity net> writes:
> Wouldn't it be easier to use honeyd (www.honeyd.org) with an LSASS or mydoom script? That way you can just check the logs for the binaries that were uploaded?
Yes, because you'll get an awful lot more than Sasser if you put an unpatched Win32 machine on the 'net. Even if you just leave off the MS04-011 patch, you could get other things, such as Korgo and Agobot variants IIRC.

cheers,
Jamie
--
James Riden / j.riden () massey ac nz / Systems Security Engineer
Information Technology Services, Massey University, NZ.
GPG public key available at: http://www.massey.ac.nz/~jriden/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html