#1
Hi, I got this from the full-disclosure mailing list. Unfortunately I can't try it out myself, but maybe it will help someone else.
Quote
For people who did not have the privilege of getting infected with sasser because of firewall/AV/patch or they are smart enough to use Linux (like me.... hey now no flame war on this *please*), here is a simple way to catch sasser:
Step 1: Scanning for infected machines (from a Linux box):
---------------------------------------------------------
Get doscan from: http://www.enyo.de/fw/software/doscan/

Step Two: Getting the virus
---------------------------
Copy the following set of commands into a file (or type them from ftp prompt):

---------ftp_commands------
open <infected m/c IP> 5554
anonymous
user
bin
get 7584_up.exe
bye
----------------------

then from cmd prompt of your *windows* machine, run:
c:\>ftp -s:ftp_commands
This will fetch you a copy of the virus as 7584_up.exe. The ftp_commands actually logs into the ftp server of sasser on port 5554 of the infected machine with username "anonymous" and password "user", and then issues a PORT command to download the virus.
Shashank Rai
-----------
Network and Information Security Team,
Emirates Telecommunication Corporation,
Regards,
paff
__________
http://www.downclockers.com/ourforum/index.php?board=71.0 Reverse Engineering Malware
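For the defending side, the exchange quoted above (FTP on port 5554, login "anonymous"/"user", retrieval of 7584_up.exe) is easy to spot in reassembled FTP control traffic. The following is an added example, not part of the original post or the mailing-list message; the record format, the function name `classify` and the generalisation of the file name to `<digits>_up.exe` are assumptions.

```python
import re
from collections import defaultdict

SASSER_FTP_PORT = 5554                          # port named in the post
UP_EXE = re.compile(r"^\d+_up\.exe$", re.I)     # assumption: generalises 7584_up.exe

# Constructed sample records: "<client_ip> <server_ip> <server_port> <FTP command line>"
SAMPLE = """\
10.0.0.7 10.0.0.23 5554 USER anonymous
10.0.0.7 10.0.0.23 5554 PASS user
10.0.0.7 10.0.0.23 5554 TYPE I
10.0.0.7 10.0.0.23 5554 PORT 10,0,0,7,4,210
10.0.0.7 10.0.0.23 5554 RETR 7584_up.exe
10.0.0.9 10.0.0.50 21 USER anonymous
10.0.0.9 10.0.0.50 21 PASS guest@example.org
10.0.0.9 10.0.0.50 21 RETR readme.txt
10.0.0.8 10.0.0.31 5554 USER anonymous
"""

def classify(log_text):
    """Map each host serving FTP on 5554 to a verdict and the clients that reached it."""
    sessions = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split(None, 4)
        if len(parts) < 4 or not parts[2].isdigit():
            continue                            # skip malformed records
        if int(parts[2]) != SASSER_FTP_PORT:
            continue                            # ordinary FTP (port 21) is ignored
        arg = parts[4].strip() if len(parts) == 5 else ""
        sessions[(parts[0], parts[1])].append((parts[3].upper(), arg))

    findings = {}
    for (client, server), cmds in sessions.items():
        login = ("USER", "anonymous") in cmds and ("PASS", "user") in cmds
        fetched = any(c == "RETR" and UP_EXE.match(a) for c, a in cmds)
        entry = findings.setdefault(server, {"verdict": "suspect", "clients": set()})
        entry["clients"].add(client)
        if login and fetched:                   # full exchange from the post was seen
            entry["verdict"] = "confirmed"
    return findings

if __name__ == "__main__":
    for host, info in classify(SAMPLE).items():
        print(host, info["verdict"], sorted(info["clients"]))
```

A "confirmed" server is a host to isolate and clean; the clients listed for it retrieved a copy of the executable and should be examined as well.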