Home page logo
/

pen-test logo Penetration Testing mailing list archives

RE: Exploiting a Worm
From: "Drage, Nick" <nick.drage () eds com>
Date: Fri, 16 Sep 2005 12:35:20 +0100

Does anyone knows a way to exploit this worm to get access 
to the system?

Maybe it's just me, but I'd worry more about letting the 
client know they have an infected and owned system on their 
network than trying to figure out if I could further exploit 
it.  Especially if it's likely that the infection is actively 
being used by someone.

It's not just you, I would expect that the customer doesn't care whether
the malware can be exploited or not.  I thought it was standard practice
to notify the customer immediately of the presence of such software so
it can be removed or so the machine can be rebuilt, yes?

-- 
Nick Drage
EDS UK Penetration Testing Team

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]