Penetration Testing mailing list archives

RE: [Full-disclosure] Exploiting a Worm


From: "Aditya Deshmukh" <aditya.deshmukh () online gateway strangled net>
Date: Wed, 14 Sep 2005 07:58:35 +0530


Does anyone know a way to exploit this worm to get access to 
the system?

Depends on what kind of worm that is. There could be plenty of 
things that you would have to look into.

It could be one or all of these things...

1. the worm might be any one of the 900 versions of the *bot family
2. someone might have made a custom compilation of the same worm,
which means that it will never be detected by any antivirus
3. it might be using port knocking, so you might not find anything
to "access" the system
4. the control connection to the "server" might be encrypted


So the best action would be .... 

1. bring the machine offline 
2. image the drive 
3. reinstall the original machine from a clean source 
4. use the image that you made to set up a vmware or some other honeypot
5. keep a log of all the traffic and you will find what is happening.
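
Step 5 in practice, as an added example that is not part of the original message: even when the control connection is encrypted or the worm waits for a port knock, connection metadata logged around the honeypot still shows both patterns. The log format, addresses, ports and thresholds below are constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample flow log from the honeypot's capture host (not real data).
# Columns: epoch seconds, source, destination, dest port, flags (S = SYN unanswered, SA = answered).
SAMPLE_LOG = """\
1000,10.0.0.5,192.0.2.10,6667,SA
1060,10.0.0.5,192.0.2.10,6667,SA
1120,10.0.0.5,192.0.2.10,6667,SA
1130,10.0.0.5,198.51.100.7,80,SA
1181,10.0.0.5,192.0.2.10,6667,SA
1500,203.0.113.9,10.0.0.5,7000,S
1501,203.0.113.9,10.0.0.5,8000,S
1502,203.0.113.9,10.0.0.5,9000,S
1503,203.0.113.9,10.0.0.5,31337,SA
1900,203.0.113.50,10.0.0.5,445,S
"""

def parse(text):
    rows = (line.split(",") for line in text.splitlines() if line.strip())
    return sorted((int(t), s, d, int(p), f) for t, s, d, p, f in rows)

def beacons(flows, host, min_conns=4, max_jitter=0.1):
    """Endpoints the host contacts at near-constant intervals; uses timing only, no payload."""
    times = defaultdict(list)
    for t, s, d, p, _ in flows:
        if s == host:
            times[(d, p)].append(t)
    hits = []
    for ep, ts in times.items():
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        if len(ts) >= min_conns and pstdev(gaps) <= max_jitter * mean(gaps):
            hits.append((ep, round(mean(gaps))))
    return hits

def knock_sequences(flows, host, min_knocks=3, window=10):
    """Sources whose unanswered SYNs to several distinct ports are followed by an answered one."""
    pending, found = defaultdict(list), []
    for t, s, d, p, f in flows:
        if d != host:
            continue
        # Keep only attempts from this source that are still inside the time window.
        knocks = pending[s] = [k for k in pending[s] if t - k[0] <= window]
        if f == "S":
            knocks.append((t, p))
        elif f == "SA" and len({port for _, port in knocks}) >= min_knocks:
            found.append((s, [port for _, port in knocks], p))
            pending[s] = []
    return found
```

Here 10.0.0.5 stands for the honeypot built from the image; in a real capture the thresholds need tuning against the noise of ordinary scanning and retries.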






