On Tue, 16 Aug 2005, Talwar, Puneet (NIH/NIAID) wrote:
> I would like to know is there an update plug in which I can load for this
> W32/Sdbot.worm.gen.h Virus? Plus, does anybody know what exactly is suppose
> to happen if any of the servers/workstations is infected with this virus?
First off: Who claimed the name? Without the name of a virusscanner the
name of a virus could be completely useless. (Trust me I have done the
research to know what a mess it realy is ;-)
But let us assume you mean the one on:
http://vil.nai.com/vil/content/v_125001.htm
With details of the family on:
http://vil.nai.com/vil/content/v_100454.htm
It is unlikely you will see a nasl script for this virus.
There are howerver plenty of scripts looking for the vulnerabilities used
by this virus like the DCOM RPC vulnerability, the WEBDAV vulnerability
and the LSASS vulnerability.
If you think of a completely different one (and not clone number N of the
same one) you need to be much more specific in your request.
Hugo.
--
I hate duplicates. Just reply to the relevant mailinglist.
[EMAIL PROTECTED] http://hvdkooij.xs4all.nl/
Don't meddle in the affairs of magicians,
for they are subtle and quick to anger.
_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus
