[Intrusions] question re: sasser variants? [linux crossover?]
Sean Rooney
sean at coldstream.ca
Tue Jul 6 20:59:04 GMT 2004
We are seeing what looks like a Sasser worm (exploits port 445
netbios defects on Windows to set up shop and reproduce) but some of the
origins are actually Linux boxes. Are you aware of a variant that
performs
some other attack to lodge on Linux systems? I'm afraid I can't give
you
much more information than that. for the time being.
I'm attempting to capture live data [ethereal] and a live sample of
this worm if able, and will supply followup technical analysis at an
appropriate time. [I like things you can measure and quantify in
precise terms
the potential impact of this type of crossover is still being evaluated
and we invite commentary.
Cheers
-sr
-------------------------------------------------------------
Sean Rooney, CTO
ColdStream Associates Ltd.
PGP fingerprint:
C32C 88A0 86A8 2BBE 2911 D855 1CE1 1679 6B52 405C
"Illos laetae devorunt, qui nos subicient."
TigerTeaming Whitepaper:
http://www.coldstream.ca/resources/tigerteams.pdf
Ask about our spring special for packaged IT-Security Testing.
More information about the Intrusions
mailing list