Re: [Full-Disclosure] Wanted: Sasser executable and derivatives

[Syke <syke@xxxxxxxxxxxxxxxxxx>]

Bob Perriero wrote:

> If you really want viruses to study, it's not so difficult to put up
> an unpatched windows system directly attached to your cable modem (no
> firewall/router) and let it sit overnight. I'm sure that you will get
> more viruses than you'll ever need. Then simply load up knoppix or
> knoppix-std and retrieve all your files.
>
> -Bob
>
>
> ----- Original Message -----
> From: The Central Scroutinizer <scroutinizer@xxxxxxxx>
> Date: Sat, 26 Jun 2004 17:50:00 +0100
> Subject: [Full-Disclosure] Wanted: Sasser executable and derivatives
> To: full-disclosure@xxxxxxxxxxxxxxxx
>
>
> Hi again,
>
> Would you please send any executables direct to me, zipped and encoded
> with a password in order to get through my e-mail anti virus software,
>
> Many thanks
>
> CS
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
>  
 Wouldn't it be easier to use honeyd(www.honeyd.org) with an LSASS or 
mydoom script? That way you can just check the logs for the binaries 
that were uploaded?

--
Syke, Founder of Mantis Security Networks
http://www.MantisSecurity.net
Bringing Security To New Standards

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html