site Search:


Home Reviews Tools Forums FAQs Find Service ISP News Maps About  
 
    All Forums Hot Topics Gallery






how-to block ads

  
Forums >

Broadband Tech > Security > Security > mNW Alert: Iraq Worm propagating via tcp/445

Search Topic:
 Share Topic
Posting?
Post a:
Post a:
Links: ·Hijack This logs? ·Panda Free Tools ·Vundo Removal
AuthorAll Replies


Steve
I know your IP address
Consultant
join:2001-03-10
Yorba Linda, CA
kudos:5

reply to NetWatchMan

Re: mNW Alert: 'IraqWorm' propagating via tcp/445

This has been a fun collaboration.

Lawrence's great myNetWatchman service detected this, and he's been able to see how it's spreading. Philip and Lawrence did dynamic analysis on a running system and are now probably sick of packet traced. I've been doing static analysis of the binary, reverse engineering it back to C++. I'm still working on the fine points of the code, but we're sure we know exactly what this worm does.

Steve
--
Stephen J. Friedl • Security Consultant • Tustin, California USA • my web site
to forum · permalink · 2002-12-16 16:04:19 ·


Flippant
So Much For Subtlety
Premium,Mod
join:2000-06-04
Katy, TX

Kudos guys very nice work! What a weird list of passwords. I bet the most hits happen with the "blank" one.

Again fantastic job!

to forum · permalink · 2002-12-16 21:46:10 ·
Forums > Broadband Tech > Security > Security

Sunday, 03-Jun 23:05:41 Terms of Use & Privacy | feedback | contact | Hosting by nac.net - DSL,Hosting & Co-lo
over 12.5 years online © 1999-2012 dslreports.com.
Most commented news this week
Hot Topics