Full Disclosure mailing list archives
Re: Which worm?
From: "Maxime Ducharme" <mducharme () cybergeneration com>
Date: Thu, 15 Apr 2004 10:07:52 -0400
Same thing for me :)

Here are some dumps I got if someone would like to study them:
http://maxon.homeip.net/3127dumps/
login : mydoom
pass : 3127
Archive pass : 3127dumps

If you do any analysis, please cc me, I'm interested.

Have a nice day

Maxime Ducharme
Programmer / Network Security Specialist

----- Original Message -----
From: "bob sagart" <bobsagart500 () hotmail com>
To: <full-disclosure () lists netsys com>
Sent: Tuesday, April 13, 2004 10:22 PM
Subject: RE: [Full-disclosure] Which worm?

Here's the capture file I got. I started sending this to individual people but I decided to send it to the whole list, so sorry if you're one of the ones that got it twice.

The zip file password is: pass

From: "bob sagart" <bobsagart500 () hotmail com>
To: full-disclosure () lists netsys com
Subject: [Full-disclosure] Which worm?
Date: Tue, 13 Apr 2004 23:53:17 +1200
MIME-Version: 1.0

Hey everyone

The other night I decided to see what traffic I could capture on tcp port 3127 (MyDoom backdoor) since I have been getting a lot of connection attempts showing up in my firewall logs. I got several dumps of the traffic using nc -l -p 3127 > out.dmp. Most of them are around 10-20kB, which I thought was about the right size of most of the worms and backdoors using that port. But one of the dumps I got was 150kB and I was just wondering if anyone could tell me what it might be? I cannot send it as an attachment as hotmail says it is a virus.

Thanks.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html