HI,
You can use PEiD to try to unpack Sasser (http://peid.has.it/)
you can also catch this worm by creating a shell script called catch.sh
catch.sh would contain two lines :
nc -l -p 445 > ~/catched.dump$$
./catch.sh &
then you just have to launch it : ./catch.sh &
that will create files with random names for each incomming connexion to
port 445 containing a dump of the trafic in your home directory.
Tek Rulez
------------------------------------
ALAOUI ABDELLAOUI Youssef alias ANALYSTE
Delegue Promo 2008
-{Epitech}- European Institute of Technology
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
