[Dshield] Disassembly...

Bill Schwanitz bilsch at secureinteriors.com
Thu Aug 14 14:03:29 GMT 2003

Chris Ream wrote:

> I sent it to all who requested (I think)... if you didn't get it let me
> know and I'll send it to you.
> Chris.
> _______________________________________________
> list mailing list
> list at dshield.org
> To change your subscription options (or unsubscribe), see: 
> http://www.dshield.org/mailman/listinfo/list

I would be more interested in the binaries of the actual exploit. Mostly 
I wanted to watch a system get infected/compromised live for forensic 
purposes but my ISP is already blocking the ports related to the virus.

Is there a way I could get a copy of any binaries associated with this 
virus along with the disassembly? Also, if you have it, a tcpdump 
session of the attack would be most helpful - in fact, thats really all 
I need. I can get the binaries out of that (which is my goal, along with 
tracing the infection/attack process).


Bill Schwanitz
Security Analyst II
Secure Interiors

More information about the list mailing list