agreed -- it would be nice if there were a plugin to identify
the vulnerability without requiring registry access..
i have several chunks of malcode that have been doing this
since mid-Dec. seems like a useful plugin for nessus given the
widespread outbreaks..
the attempts i am seeing on the wire look something like:
(targeting tcp/2967)
~cam.
On 12/27/06 10:23 AM, "Tim Rupp" <[EMAIL PROTECTED]> wrote:
> Hey list,
>
> Maybe I'm missing it when I search for 'symantec' in the plugins area of
> nessus.org, but does anyone know if there is a plugin that can detect
> clients vulnerable to the 'big yellow' exploit?
>
> Thanks,
> Tim
> _______________________________________________
> Nessus mailing list
> [email protected]
> http://mail.nessus.org/mailman/listinfo/nessus