Penetration Testing mailing list archives

Re: MyDoom


From: xyberpix <xyberpix () xyberpix com>
Date: Thu, 5 Jan 2006 21:39:54 +0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

If you could run a sniffer on their network and see what traffic is trying to get to what IRC server it may be offline now, so you could always set your own one up and spoof the IP ;-) Or maybe that's just me ;-)

xyberpix

On 4 Jan 2006, at 11:37, Simon Edwards wrote:

-----Original Message-----
From: Mohamed Abdel Kader [mailto:mak.pen () gmail com]
Sent: 02 January 2006 09:59
To: pen-test () securityfocus com
Subject: MyDoom

Hello All,
I am currently trying to penetrate a client having the mydoom virus. Any
suggestions? Does anyone have any kind of client I can use?

My understanding is that Mydoom-infected hosts receive commands by connecting to an IRC channel. I don't think you can connect directly to it. It's always possible (but not that likely) that the author of the virus has controlled your client's PC and uploaded some other Trojan, which might be controllable by connecting directly to it.

Simon.




Blog: http://xyberpix.blogspot.com



-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)

iD8DBQFDvZIqcRMkOnlkwMERAl8mAJ4vley5LK5QgIQc1WbDdoQF/GDNqgCfYZAe
8x4I331kOVsaEN0yGUHE1vw=
=5m9i
-----END PGP SIGNATURE-----
