
Re: [Full-Disclosure] Wanted: Sasser executable and derivatives
I look at what my antivirus things catch and what Sentinare catches on my formal account. Sentinare is pretty good with all this stuff. I have not seen Sasser. I have seen Swen and BAGLE and IRCBOT. The IRCBots stopped when I turned off sharing on pretty much everything. I was sharing files between my main Win2k machine and the virtual Red Hat Linux I have been working with.

Have Fun,
Sends Steve


James Riden wrote:


Syke <syke@xxxxxxxxxxxxxxxxxx> writes:
Wouldn't it be easier to use honeyd (www.honeyd.org) with an LSASS or
mydoom script? That way you can just check the logs for the binaries
that were uploaded?
Yes, because you'll get an awful lot more than Sasser if you put an unpatched Win32 machine on the 'net. Even if you just leave off the MS04-011 patch, you could get other things, such as Korgo and Agobot variants IIRC.

cheers,
Jamie
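The honeypot approach Syke suggests and Jamie endorses above leaves you with a directory of captured uploads rather than one Sasser binary, since an unpatched-looking host attracts several worm families at once. The following is an added example, not code from the thread or from the honeyd project: it assumes the honeypot drops every uploaded file under some capture directory (the layout is an assumption), walks that tree, hashes each file with SHA-256 and groups identical uploads, so repeat infections count once and a new hash flags a different variant. The sample "captures" it builds are constructed harmless byte strings, not real malware.

```python
"""Inventory binaries collected by a honeypot such as honeyd.

Added example, not part of the original thread. Assumes the honeypot
writes each uploaded file somewhere under a capture directory; the
sub-directory-per-source-IP layout used in the demo is an assumption.
"""
import hashlib
import os
import tempfile
from collections import defaultdict


def sha256_of_file(path, chunk=65536):
    """Hash a file in chunks so large captures need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def inventory_captures(root):
    """Return {sha256: {"size": int, "paths": [...]}} for every file under root.

    Grouping by hash is the point: a worm that re-uploads itself dozens of
    times becomes one entry, and an unseen hash is the signal that a
    different sample (another family or variant) arrived.
    """
    groups = defaultdict(lambda: {"size": 0, "paths": []})
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            entry = groups[sha256_of_file(path)]
            entry["size"] = os.path.getsize(path)
            entry["paths"].append(path)
    return dict(groups)


def summarize(groups):
    """List distinct samples, most frequently uploaded first."""
    rows = [(len(v["paths"]), h, v["size"]) for h, v in groups.items()]
    rows.sort(key=lambda r: (-r[0], r[1]))
    return [{"uploads": n, "sha256": h, "size": s} for n, h, s in rows]


def build_demo_tree(root):
    """Constructed sample captures: harmless byte strings standing in for
    uploaded binaries. Two 'sources' uploaded the same payload, one of
    them also uploaded a different one."""
    payload_a = b"MZ" + b"\x00" * 64 + b"constructed-sample-A"
    payload_b = b"MZ" + b"\x00" * 64 + b"constructed-sample-B"
    layout = {
        "10.0.0.5/upload.exe": payload_a,
        "10.0.0.9/upload.exe": payload_a,
        "10.0.0.9/second.exe": payload_b,
    }
    for rel, data in layout.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as f:
            f.write(data)
    return root


def run_demo():
    """Build the constructed capture tree in a temp dir and summarize it."""
    with tempfile.TemporaryDirectory() as tmp:
        build_demo_tree(tmp)
        return summarize(inventory_captures(tmp))


if __name__ == "__main__":
    for row in run_demo():
        print(f'{row["uploads"]:3d}x  {row["sha256"][:16]}...  {row["size"]} bytes')
```

Point `inventory_captures` at the real capture directory instead of the demo tree; the hash list it produces is what you would compare against a known-sample set to tell a fresh Sasser derivative from the Korgo and Agobot traffic Jamie mentions.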