Re: [Full-disclosure] Sasser or other nasty worm needed
- To: kikazz <kikazz@xxxxxxxxx>
- Subject: Re: [Full-disclosure] Sasser or other nasty worm needed
- From: Michael Holstein <michael.holstein@xxxxxxxxxxx>
- Date: Mon, 27 Nov 2006 13:26:59 -0500

> Does anyone have a copy of Sasser or a similar worm that they would be
> willing to send or link me to? Please contact me off-list. I would be
> happy to verify my identity as a high school teacher off-list as I'm sure
> that is a concern for most anyone who has what I am looking for.

You're kidding, right? .. just take a fresh install of Win2K and hook it
to the Internet.

Go get coffee. Come back in ~15min.

Boot to BartPE (or Knoppix, etc) and look for anything new in
%systemroot%. You'll probably have more than one. It'll be a binary
though, probably packed/encrypted 3+ times (and that's annoying, but not
impossible, to reverse-engineer).

The source code for all the [SD|RX|AGO]bot variants is easily found on
the web. Recompile in Visual Basic, pack with UPX (or whatever) and off
you go.

To prison that is...

Meanwhile .. a quick look at your email :

Received: from blueberry ( [69.3.80.94])
        by mx.google.com with ESMTP id i20sm9690041wxd.2006.11.26.14.32.22;
        Sun, 26 Nov 2006 14:32:22 -0800 (PST)
From: "kikazz" <kikazz@xxxxxxxxx>

suggests that you aren't a teacher at all ..

network:IP-Network-Block:69.3.80.88 - 69.3.80.95
network:Org-Name:Compu' Counts Consulting Inc.
network:Street-Address:6174 Darleon Place
network:City:ALEXANDRIA
network:State:VA
network:Postal-Code:22310

<sigh> .. another consultant that is trying to get other folks to do his
dirty work...

Cheers,

Michael Holstein CISSP GCIA
Information Security Administrator
Cleveland State University

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
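
The header check described in the message above, as an added example that is not part of the original post: it takes the client address from the Received line stamped by the receiving MTA and tests it against a whois "first - last" range. The function names are hypothetical; the header lines, address and range are the ones quoted in the post, and the body line is constructed.

```python
import ipaddress
import re
from email import message_from_string

# Header lines as quoted in the post (continuation lines folded);
# the body line is constructed.
RAW = (
    'Received: from blueberry ( [69.3.80.94])\n'
    '\tby mx.google.com with ESMTP id i20sm9690041wxd.2006.11.26.14.32.22;\n'
    '\tSun, 26 Nov 2006 14:32:22 -0800 (PST)\n'
    'From: "kikazz" <kikazz@xxxxxxxxx>\n'
    '\n'
    'constructed body\n'
)
BRACKETED_IP = re.compile(r'\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]')

def received_hops(raw):
    """One dict per Received header, most recent hop first."""
    hops = []
    for value in message_from_string(raw).get_all('Received', []):
        flat = ' '.join(value.split())          # unfold continuation lines
        helo = re.search(r'\bfrom\s+(\S+)', flat)
        by = re.search(r'\bby\s+(\S+)', flat)
        m = BRACKETED_IP.search(flat)
        try:
            ip = ipaddress.ip_address(m.group(1)) if m else None
        except ValueError:                      # bracketed text was not an address
            ip = None
        hops.append({'helo': helo.group(1) if helo else None,
                     'by': by.group(1) if by else None, 'ip': ip})
    return hops

def trusted_client_ip(hops, trusted_by):
    """Client IP from the topmost hop stamped by an MTA we trust.
    Hops below that one are supplied by the sender and can be forged."""
    for hop in hops:
        if hop['by'] == trusted_by:
            return hop['ip']
    return None

def block_to_cidrs(first, last):
    """Collapse a whois 'first - last' range into CIDR networks."""
    nets = ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last))
    return [str(n) for n in nets]

def in_block(ip, first, last):
    """True if ip (an ipaddress object or None) falls inside the range."""
    return ip is not None and any(
        ip in ipaddress.ip_network(c) for c in block_to_cidrs(first, last))
```

Only the hop written by your own or a known receiving MTA is evidence of the connecting address; the HELO name (`blueberry` here) is whatever the client chose to send.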