Mailing List Archive: 49091 messages

bug bear virus detection tip

 [1/5] from: gchiu::compkarori::co::nz at: 5-Oct-2002 8:07


If you're using Rebol to read your email, then before decoding any base64 non html attachments, just scan the attachment for: QogHR0l19+lj////kIsCg8IEiQeDxwSD6QR38QHP6Uz///9eife5fwUAAIoHRyzoPAF394A/DHX and that should pick up the bugbear virus.
--
Graham Chiu
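The check described in the message above, as an added Python example that is not part of the original post: it walks a MIME message and searches the still-encoded body of each base64, non-HTML part for the quoted string, removing line breaks first because mailers wrap base64 at different widths. The function names, the sample message and its addresses and file name are constructed for illustration.

```python
import email

# Signature string exactly as quoted in the message above.
BUGBEAR_SIG = ("QogHR0l19+lj////kIsCg8IEiQeDxwSD6QR38QHP6Uz///9eife5fwUAAIoHRyzoPAF394A/DHX")

def suspicious_parts(raw_message):
    """Return the file names (or content types) of base64, non-HTML parts
    whose encoded body contains the signature. Nothing is decoded."""
    hits = []
    for part in email.message_from_string(raw_message).walk():
        if part.is_multipart():
            continue
        cte = str(part.get("Content-Transfer-Encoding", "")).strip().lower()
        if cte != "base64" or part.get_content_type() == "text/html":
            continue
        # Drop all whitespace so a signature split across lines still matches.
        encoded = "".join(part.get_payload().split())
        if BUGBEAR_SIG in encoded:
            hits.append(part.get_filename() or part.get_content_type())
    return hits

# Constructed attachment body: 12 filler characters, the signature, 1 filler.
SAMPLE_B64 = "TVqQAAMAAAAE" + BUGBEAR_SIG + "A"

def build_sample(body_b64, width, ctype="application/octet-stream"):
    """Build a constructed two-part message with the body wrapped at `width`."""
    wrapped = "\n".join(body_b64[i:i + width]
                        for i in range(0, len(body_b64), width))
    return "\n".join([
        "From: sender@example.invalid",
        "To: reader@example.invalid",
        "Subject: constructed sample",
        "MIME-Version: 1.0",
        'Content-Type: multipart/mixed; boundary="XX"',
        "",
        "--XX",
        "Content-Type: text/plain",
        "",
        "see attachment",
        "--XX",
        ctype + '; name="sample.bin"' if False else "Content-Type: " + ctype,
        "Content-Transfer-Encoding: base64",
        'Content-Disposition: attachment; filename="sample.bin"',
        "",
        wrapped,
        "--XX--",
        "",
    ])
```

A match on encoded text only works when the matching bytes sit at the same offset modulo 3 in the file, so the string catches the same binary attached whole, not the same bytes embedded at an arbitrary position.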

 [2/5] from: brett:codeconscious at: 5-Oct-2002 10:41


> Subject: [REBOL] bug bear virus detection tip
Thanks for that Graham, that explains a suspect looking email I received recently from a friend.
Brett.

 [3/5] from: petr:krenzelok:trz:cz at: 5-Oct-2002 5:44


Brett Handley wrote:
>>Subject: [REBOL] bug bear virus detection tip
>
>Thanks for that Graham, that explains a suspect looking email I received
>recently from a friend.
>
>Brett.

I have written a very primitive script which scans a given IP range and asks DNS for the machine name. BugBear opens a certain listen port, so it is rather easy to find such machines :-) That kind of stuff can make rebol more popular among our company admins :-)
-pekr-

 [4/5] from: gchiu:compkarori at: 5-Oct-2002 16:29


On Sat, 05 Oct 2002 05:44:26 +0200 Petr Krenzelok <[petr--krenzelok--trz--cz]> wrote:
>I have written very primitive script which scans given IP
>range and asks DNS for machine-name. BugBear opens
>certain listen port, so it is rather easy to find such
>machines :-) That kind of stuff can make rebol more
>popular among our company admins :-)

Do share :)
--
Graham Chiu

 [5/5] from: petr:krenzelok:trz:cz at: 5-Oct-2002 7:00


Graham Chiu wrote:
> On Sat, 05 Oct 2002 05:44:26 +0200
> Petr Krenzelok <[petr--krenzelok--trz--cz]> wrote:
<<quoted lines omitted: 5>>
>>
> Do share :)
REBOL []

; First three octets of the range to check, e.g. 172.25.7
ip-sub: ask "Enter ip (e.g. 172.25.7): "

for i 1 255 1 [
    ip: join ip-sub ["." i]
    print ["Checking IP: " ip]
    ; If the connection to TCP port 36794 opens, something is listening there
    if not error? try [
        port: open join tcp:// [ip ":36794"]
    ][
        ; Ask DNS for the machine name and log the address
        user?: read join dns:// ip
        write/append %infected.txt join "" [ip " " user? newline]
        print ["IP " ip " infected" user?]
        close port
    ]
]

That is the general one. I also have a slightly modified one, which takes a list of IPs from user config objects we store for each user, so it checks certain IPs, not ranges. It is a pity we don't have async networking read yet, so we can't influence connection time ... so - it may appear slow in some situations, but will do the job.
-pekr-

Notes
  • Quoted lines have been omitted from some messages.
    View the message alone to see the lines that have been omitted