Full Disclosure mailing list archives

Re: Exploiting a Worm


From: Valdis.Kletnieks () vt edu
Date: Tue, 13 Sep 2005 19:10:48 -0400

On Wed, 14 Sep 2005 00:01:17 BST, Paul Farrow said:
> Another thing you could do is install an anti-virus app or by some other
> means identify the worm that is active and possibly get a variant
> version id.
> Find out how the worm installs itself, reverse engineer it, and remove it.

If he's doing a pen test, the problem is "convince a PHB that having a zombie
on the net is bad, and the PHB requires a "show me" demo before accepting it"...

So unless he can rub the PHB's face in it ("See?  this zombie on this secretary's
desk will let a hacker in Eastern Europe whack our payroll database...."), the
site probably won't actually do anything about the security practices that let
a machine get whacked by whatever worm it was....

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
