Re: [Full-Disclosure] Wanted: Sasser executable and derivatives
- To: full-disclosure@xxxxxxxxxxxxxxxx
- Subject: Re: [Full-Disclosure] Wanted: Sasser executable and derivatives
- From: James Riden <j.riden@xxxxxxxxxxxx>
- Date: Mon, 28 Jun 2004 18:17:43 +1200
Syke <syke@xxxxxxxxxxxxxxxxxx> writes:

> Wouldn't it be easier to use honeyd (www.honeyd.org) with an LSASS or
> mydoom script? That way you can just check the logs for the binaries
> that were uploaded?

Yes, because you'll get an awful lot more than Sasser if you put an
unpatched Win32 machine on the 'net. Even if you just leave off the
MS04-011 patch, you could get other things, such as Korgo and Agobot
variants IIRC.

cheers,
Jamie
--
James Riden / j.riden@xxxxxxxxxxxx / Systems Security Engineer
Information Technology Services, Massey University, NZ.
GPG public key available at: http://www.massey.ac.nz/~jriden/