| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <40E0C811.1090102@sbcglobal.net> From: chromazine at sbcglobal.net (Steve Kudlak) Subject: Wanted: Sasser executable and derivatives I look at what my antivirus things catch and what sentinare catches on my formal account. Sentinare is pretty good with all this stuff. I have not seen Sasser. I have seen Swen and BAGLE and IRCBOT. The IRCBots stopped when I turnd off sharing on pretty much everything. I was sharing files between my main Win2k machine and the virtua; Red Hat Linux I have been working with. Have Fun, Sends Steve James Riden wrote: >Syke <syke@...tissecurity.net> writes: > > > > >> Wouldn't it be easier to use honeyd(www.honeyd.org) with an LSASS or >>mydoom script? That way you can just check the logs for the binaries >>that were uploaded? >> >> > >Yes, because you'll get an awful lot more than Sasser if you put an >unpatched Win32 machine on the 'net. Even if you just leave off the >MS04-011 patch, you could get other things, such as Korgo and Agobot >variants IIRC. > >cheers, > Jamie > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040628/6cfa0ee6/attachment.html
Powered by blists - more mailing lists