Re: [Full-Disclosure] Unpacking Sasser

["Lee" <cheekypeople@xxxxxxxxx>]

As a side note I use Vmware workstation and GSX server edition to create
enviroments that can be trashed and re-used at will, just wanted to add
another secure way of testing malware etc...

Regards

Lee @ STS
http://www.seethrusec.co.uk
Building Knowledge and Security..
----- Original Message ----- 
From: "-" <dsx_news@xxxxxx>
To: <full-disclosure@xxxxxxxxxxxxxxxx>
Sent: Sunday, May 02, 2004 6:47 PM
Subject: Re: [Full-Disclosure] Unpacking Sasser


> I would like a copy fom Sasser, too.
>
> Thanks a lot....
>
> Greets fom Germany...
>
>
> >>Stupidly I was infected with Sasser last night and whilst trying to
identify
> >>the program I found that the code was packed and I could find no way of
> >>idenifying the packer from the EXE (avserve.exe produced no relevant
hits on
> >>Google). Could anyone tell me what unpacker to use to analyse the code?
And
> >>how was this determined?
> >>
> >>Cheers in Advance.
> >>
> >>Tom
> >>
> >>P.S: If anyone would like a copy of the file to look at, feel free to
ask.
> >>
> >>P.S.S: This is my first post, go easy. ;)
> >>
> >>_________________________________________________________________
> >>FREE pop-up blocking with the new MSN Toolbar  get it now!
> >>http://toolbar.msn.com/go/onm00200415ave/direct/01/
> >>
> >>_______________________________________________
> >>Full-Disclosure - We believe in it.
> >>Charter: http://lists.netsys.com/full-disclosure-charter.html
> >>
> >>
> >
> >_______________________________________________
> >Full-Disclosure - We believe in it.
> >Charter: http://lists.netsys.com/full-disclosure-charter.html
> >
> >
> >
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html