Penetration Testing mailing list archives
RE: MyDoom
From: "Simon Edwards" <spge () psiborg net>
Date: Wed, 4 Jan 2006 18:27:11 -0000
From: service pack Sent: 04 January 2006 18:14 To: Simon Edwards Subject: Re: MyDoom Guys, i think mydoom has a back door port. I believe there is an FTP exploit against mydoom that allows you to take it over. Mydoom has it's own ftp server for deliverying/hosting payload. maybe i'm thinking of sasser/dabber? http://www.lurhq.com/dabber.html Hi Mohamed , Yes, I think you are thinking of Sasser/Dabber, both of which run FTP servers and scan for the same. At least one version uses TCP port 5554. HTH Simon. ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- MyDoom Mohamed Abdel Kader (Jan 02)
- RE: MyDoom Simon Edwards (Jan 04)
- RE: MyDoom Alan (Jan 05)
- Re: MyDoom xyberpix (Jan 05)
- Re: MyDoom Maxime Ducharme (Jan 04)
- RE: MyDoom IanC @ TracingEmails (Jan 04)
- <Possible follow-ups>
- RE: MyDoom Simon Edwards (Jan 04)
- RE: MyDoom Simon Edwards (Jan 04)