[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <40DF8AF6.2060307@mantissecurity.net>
From: syke at mantissecurity.net (Syke)
Subject: Wanted: Sasser executable and derivatives
Bob Perriero wrote:
>If you really want viruses to study, it's not so difficult to put up
>an unpatched windows system directly attached to your cable modem (no
>firewall/router) and let it sit overnight. I'm sure that you will get
>more viruses than you'll ever need. Then simply load up knoppix or
>knoppix-std and retrieve all your files.
>
>-Bob
>
>
>----- Original Message -----
>From: The Central Scroutinizer <scroutinizer@...b.net>
>Date: Sat, 26 Jun 2004 17:50:00 +0100
>Subject: [Full-Disclosure] Wanted: Sasser executable and derivatives
>To: full-disclosure@...ts.netsys.com
>
>
>Hi again,
>
>Would you please send any executables direct to me, zipped and encoded
>with a password in order to get through my e-mail anti virus software,
>
>Many thanks
>
>CS
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.netsys.com/full-disclosure-charter.html
>
>
>
Wouldn't it be easier to use honeyd(www.honeyd.org) with an LSASS or
mydoom script? That way you can just check the logs for the binaries
that were uploaded?
--
Syke, Founder of Mantis Security Networks
http://www.MantisSecurity.net
Bringing Security To New Standards
Powered by blists - more mailing lists