Message-ID: <87zn6o8auw.fsf@it029205.massey.ac.nz>
From: j.riden at massey.ac.nz (James Riden)
Subject: Wanted: Sasser executable and derivatives
Syke <syke@...tissecurity.net> writes:
> Wouldn't it be easier to use honeyd (www.honeyd.org) with an LSASS or
> mydoom script? That way you can just check the logs for the binaries
> that were uploaded?
Yes, because you'll get an awful lot more than Sasser if you put an
unpatched Win32 machine on the 'net. Even if you just leave off the
MS04-011 patch, you could get other things, such as Korgo and Agobot
variants IIRC.
cheers,
Jamie
--
James Riden / j.riden@...sey.ac.nz / Systems Security Engineer
Information Technology Services, Massey University, NZ.
GPG public key available at: http://www.massey.ac.nz/~jriden/