[Dshield] new msblaster on the loose?

John D. lists at webcrunchers.com
Wed Aug 13 20:37:12 GMT 2003


>This message was converted from multipart/signed to ascii armored
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>Content-Type: text/plain
>Content-Transfer-Encoding: quoted-printable
>
>On Wed, 2003-08-13 at 13:46, Craig Shaw wrote:
>> Trend and Symantec have both reported a new variant.
>
>if anybody managed to capture one of the variants, please send it along.
>It should be fairly easy using netcat (and a tftp client to pull the
>binary, if it
>still uses tftp)

I aso want a dis-assembled ver of it as well.  I'm faced with the responsibility of getting a snort rule for it ASAP.

John





More information about the list mailing list