Full Disclosure mailing list archives
Re: Wanted: Sasser executable and derivatives
From: Steve Kudlak <chromazine () sbcglobal net>
Date: Mon, 28 Jun 2004 18:38:25 -0700
I look at what my antivirus things catch and what Sentinare catches on my formal account. Sentinare is pretty good with all this stuff. I have not seen Sasser. I have seen Swen and BAGLE and IRCBOT. The IRCBots stopped when I turned off sharing on pretty much everything. I was sharing files between my main Win2k machine and the virtual Red Hat Linux I have been working with.

Have Fun, Sends Steve

James Riden wrote:
> Syke <syke () mantissecurity net> writes:
>
>> Wouldn't it be easier to use honeyd (www.honeyd.org) with an LSASS or mydoom script? That way you can just check the logs for the binaries that were uploaded?
>
> Yes, because you'll get an awful lot more than Sasser if you put an unpatched Win32 machine on the 'net. Even if you just leave off the MS04-011 patch, you could get other things, such as Korgo and Agobot variants IIRC.
>
> cheers,
> Jamie
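For readers who want to try the honeyd approach Syke suggests, here is a minimal honeyd template that answers as a Windows host and hands the SMB ports (where the LSASS exploit arrives) to a capture script. This is an added example, not configuration from the thread or from the honeyd project: the script path /usr/local/honeyd/scripts/lsass.sh, the log path and the address 192.168.1.100 are placeholders, and the script itself is assumed to exist and to log or save whatever the client sends on the connection.

```text
# honeyd.conf (added example; paths and address are assumptions)

# A template that looks like an unpatched Win2k box to a scanner.
create win2k
set win2k personality "Microsoft Windows 2000 SP3"
set win2k default tcp action reset
set win2k default udp action reset

# Hand the SMB ports to a capture script. honeyd substitutes $ipsrc, $sport,
# $ipdst and $dport at connection time; the script reads the client on stdin
# and writes the server side on stdout. lsass.sh is a hypothetical script
# that records the payload so the uploaded binaries can be pulled from the logs.
add win2k tcp port 445 "sh /usr/local/honeyd/scripts/lsass.sh $ipsrc $sport $ipdst $dport"
add win2k tcp port 139 "sh /usr/local/honeyd/scripts/lsass.sh $ipsrc $sport $ipdst $dport"

# Bind the template to one address honeyd will claim on the wire.
bind 192.168.1.100 win2k
```

Run it with something like `honeyd -d -f honeyd.conf -l /var/log/honeyd.log -i eth0 192.168.1.100`; the -l log records every connection honeyd handles, so the source addresses and ports hitting 445 are visible there even before the capture script saves anything. As Jamie points out, expect the same ports to attract Korgo, Agobot variants and other MS04-011 exploiters besides Sasser, so whatever the script captures should be hashed and sorted before assuming it is the family you were looking for.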
Current thread:
- Wanted: Sasser executable and derivatives The Central Scroutinizer (Jun 26)
- <Possible follow-ups>
- Wanted: Sasser executable and derivatives The Central Scroutinizer (Jun 26)
- Re: Wanted: Sasser executable and derivatives Bob Perriero (Jun 27)
- Re: Wanted: Sasser executable and derivatives Syke (Jun 27)
- Re: Wanted: Sasser executable and derivatives James Riden (Jun 28)
- Re: Wanted: Sasser executable and derivatives Steve Kudlak (Jun 28)
- Re: Wanted: Sasser executable and derivatives Bob Perriero (Jun 27)