Full Disclosure mailing list archives
Re: Exploiting a Worm
From: Valdis.Kletnieks () vt edu
Date: Tue, 13 Sep 2005 19:10:48 -0400
On Wed, 14 Sep 2005 00:01:17 BST, Paul Farrow said:
> Another thing you could do is install an anti-virus app or by some other means identify the worm that is active and possibly get a variant version id. Find out how the worm installs itself, reverse engineer it, and remove it.
If he's doing a pen test, the problem is "convince a PHB that having a zombie on the net is bad, and the PHB requires a "show me" demo before accepting it"... So unless he can rub the PHB's face in it ("See? this zombie on this secretary's desk will let a hacker in Eastern Europe whack our payroll database...."), the site probably won't actually do anything about the security practices that let a machine get whacked by whatever worm it was....
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/