Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Incidents
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

analysis of Troj/Winser-A

from [Steve Friedl] Network Security [Permanent Link]
Subject: analysis of Troj/Winser-A
Date: Thu, 6 Jan 2005 22:18:27 -0800 
Hello all,

The WINS worm that is running around was identified by Sophos as
"Troj/Winser-A", but I've not seen much discussion of the technical
details save for talk of the SNORT rules.

Lawrence Baldwin of www.MyNetWatchman.com captured this thing, and I've
been taking it apart over the last few days. It comes in two parts -
a standalone exploit program, plus a much larger IRC bot-type program.

My work-in-progress can be found here:

        http://www.unixwiz.net/research/winser-a.html

If others have posted better analysis, I'd love to know about it so I
don't waste any more time :-)

Steve

-- 
Stephen J Friedl | Security Consultant |  UNIX Wizard  |   +1 714 544-6561
www.unixwiz.net  | Tustin, Calif. USA  | Microsoft MVP | steve@unixwiz.net
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • analysis of Troj/Winser-A, Steve Friedl <=
Previous by Date:  Re: DoS attack... what to do?, Valdis . Kletnieks
Next by Date:  IE Malware / Spyware Control Methods, Illuminatus Master
Previous by Thread:  Botnet is back, and some info FYI., BahdKo
Next by Thread:  IE Malware / Spyware Control Methods, Illuminatus Master
Indexes:  [Date] [Thread] [Top] [All Lists]