Slashdot Mirror

← Back to Stories (view on slashdot.org)

A Worm's Worm

Posted by michael on from the meta dept.

Carnildo writes "There's a new worm out, according to the Register, but one with a twist. This one, called 'Dabber', infects computers by exploiting a security hole in the Sasser worm."

3 of 345 comments (clear)

  1. Re:Is not the first time it happens by grunthos · · Score: 5, Informative
    No, they both exploited the same holes in IIS.

    Perhaps you are thinking of Welchia which exploited IIS but also removed Blaster.

    --

    My son's 5th grade teacher actually assigned them "write a limerick about a planet". I'm not kidding.
  2. Exploit available on packetstorm by Anonymous Coward · · Score: 5, Informative

    The mentioned code, which is used in Dabber, can be found at http://packetstormsecurity.nl/0405-exploits/sasser ftpd.c

  3. Add it to nmap! by JThundley · · Score: 5, Informative

    Add the sasser FTP server to your nmap-services file. I run Gentoo, mines in /usr/share/nmap.

    Add this line:
    sasser 5554/tcp # Sasser worm FTP server

    This way when you do a port scan of a host, you can tell if they've been infected with sasser :)