From: Aditya Deshmukh (aditya.deshmukh@online.gateway.strangled.net)
Date: Tue Sep 13 2005 - 22:28:35 EDT
> Does anyone know a way to exploit this worm to get access to
> the system?
Depends on what kind of worm that is. There could be plenty of
things that you would have to look into.

It could be one or all of these things...
1. the worm might be any one of the 900 versions of the *bot family
2. someone might have made a custom compilation of the same worm,
   which means that it will never be detected by any antivirus
3. It might be using port knocking, so you might not find anything
   to "access" the system
4. The control connection to the "server" might be encrypted

So the best action would be ....
1. bring the machine offline
2. image the drive
3. reinstall the original machine from a clean source
4. use the image that you made to set up a VMware or some other honeypot
5. keep a log of all the traffic and you will find what is happening.
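
Added example, not part of the original message: one way to triage the honeypot traffic log from step 5 for the two cases raised above, port knocking and a control connection that may be encrypted. The flow-record format, addresses, thresholds and function names are assumptions made for this example.

```python
from collections import defaultdict

# Constructed flow records: epoch seconds, src, dst, dst port, TCP outcome.
# HONEYPOT and every address (RFC 5737 documentation ranges) are assumptions.
HONEYPOT = "192.0.2.10"
SAMPLE = """\
1000 198.51.100.7 192.0.2.10 7000 RST
1001 198.51.100.7 192.0.2.10 8000 RST
1002 198.51.100.7 192.0.2.10 9000 RST
1003 198.51.100.7 192.0.2.10 50123 ESTABLISHED
1010 192.0.2.10 203.0.113.5 6667 ESTABLISHED
1310 192.0.2.10 203.0.113.5 6667 ESTABLISHED
1500 203.0.113.99 192.0.2.10 445 RST
1610 192.0.2.10 203.0.113.5 6667 ESTABLISHED
1910 192.0.2.10 203.0.113.5 6667 ESTABLISHED
"""

def parse(text):
    rows = [line.split() for line in text.splitlines()]
    return sorted((int(t), s, d, int(p), st) for t, s, d, p, st in rows)

def knock_candidates(rows, min_knocks=3, window=10):
    """Sources refused on several ports, then accepted on another, within window."""
    refused, hits = defaultdict(list), []
    for ts, src, dst, port, state in rows:
        if dst != HONEYPOT:
            continue
        if state == "RST":
            refused[src].append((ts, port))
        elif state == "ESTABLISHED":
            recent = [p for t, p in refused[src] if ts - t <= window]
            if len(set(recent)) >= min_knocks:
                hits.append((src, recent, port))
    return hits

def beacon_candidates(rows, min_conns=4, jitter=5):
    """Outbound peers contacted at a steady interval; timing survives encryption."""
    times, out = defaultdict(list), []
    for ts, src, dst, port, _ in rows:
        if src == HONEYPOT:
            times[(dst, port)].append(ts)
    for key, seen in times.items():
        gaps = [b - a for a, b in zip(seen, seen[1:])]
        if len(seen) >= min_conns and max(gaps) - min(gaps) <= jitter:
            out.append((key, gaps[0]))
    return out

if __name__ == "__main__":
    print(knock_candidates(parse(SAMPLE)), beacon_candidates(parse(SAMPLE)))
```

Both checks use only connection metadata, so they still apply when the payload cannot be read.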
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:53 EDT