lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Mon, 27 Nov 2006 13:26:59 -0500
From: Michael Holstein <michael.holstein@...ohio.edu>
To: kikazz <kikazz@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Sasser or other nasty worm needed

> Does anyone have a copy of Sasser or a similar worm that they would be
> willing to send or link me to?  Please contact me off-list.  I would be
> happy to verify my identity as a high school teacher off-list as I'm sure
> that is a concern for most anyone who has what I am looking for.  

You're kidding, right? .. just take a fresh install of Win2K and hook it 
to the Internet.

Go get coffee. Come back in ~15min.

Boot to BartPE (or Knoppix, etc) and look for anything new in 
%systemroot%. You'll probably have more than one. It'll be a binary 
though, probably packed/encrypted 3+ times (and that's annoying, but not 
impossible, to reverse-engineer).

The source code for all the [SD|RX|AGO]bot variants is easily found on 
the web. Recompile in Visual Basic, pack with UPX (or whatever) and off 
you go.

To prison that is...

Meanwhile .. a quick look at your email :

Received: from blueberry ( [69.3.80.94])
	by mx.google.com with ESMTP id i20sm9690041wxd.2006.11.26.14.32.22;
	Sun, 26 Nov 2006 14:32:22 -0800 (PST)
From: "kikazz" <kikazz@...il.com>

suggests that you aren't a teacher at all ..

network:IP-Network-Block:69.3.80.88 - 69.3.80.95
network:Org-Name:Compu' Counts Consulting Inc.
network:Street-Address:6174 Darleon Place
network:City:ALEXANDRIA
network:State:VA
network:Postal-Code:22310

<sigh> .. another consultant that is trying to get other folks to do his 
dirty work...

Cheers,

Michael Holstein CISSP GCIA
Information Security Administrator
Cleveland State University

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ