bug bear virus detection tip
[1/5] from: gchiu::compkarori::co::nz at: 5-Oct-2002 8:07
If you're using Rebol to read your email, then before
decoding any base64 non html attachments, just scan the
attachment for:
QogHR0l19+lj////kIsCg8IEiQeDxwSD6QR38QHP6Uz///9eife5fwUAAIoHRyzoPAF394A/DHX
and that should pick up the bugbear virus.
--
Graham Chiu
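Added example, not part of the original post and written in Python rather than REBOL: one way to apply the tip above to a raw message, checking the still-encoded body of each base64, non-HTML part for the quoted string. Whitespace is removed before matching because base64 bodies are line-wrapped and the string can straddle a line break; `suspicious_parts`, `build_sample` and the `setup.exe` file name are assumptions made for the example.

```python
import base64
from email import message_from_bytes
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText

# String quoted in the post above: a run of the attachment's base64 text.
SIGNATURE = "QogHR0l19+lj////kIsCg8IEiQeDxwSD6QR38QHP6Uz///9eife5fwUAAIoHRyzoPAF394A/DHX"


def suspicious_parts(raw_message: bytes, signature: str = SIGNATURE):
    """Return (filename, content type) for every base64, non-HTML part
    whose undecoded body contains the signature."""
    hits = []
    for part in message_from_bytes(raw_message).walk():
        if part.is_multipart():
            continue
        cte = str(part.get("Content-Transfer-Encoding", "")).strip().lower()
        if cte != "base64" or part.get_content_type() == "text/html":
            continue
        # get_payload() without decode=True returns the body as sent.
        # Mailers wrap base64 at different widths, so drop all whitespace
        # first; otherwise a signature split across two lines is missed.
        encoded = "".join(part.get_payload().split())
        if signature in encoded:
            hits.append((part.get_filename(), part.get_content_type()))
    return hits


def build_sample(with_signature: bool) -> bytes:
    """Constructed test message (not a real sample). The 30-byte prefix
    shifts the signature so that it crosses the 76-column line wrap."""
    marker = base64.b64decode(SIGNATURE + "A") if with_signature else b"\x01" * 57
    msg = MIMEMultipart()
    msg.attach(MIMEText("see attachment", "plain"))
    att = MIMEApplication(b"\x00" * 30 + marker)  # encoded as base64 by default
    att.add_header("Content-Disposition", "attachment", filename="setup.exe")
    msg.attach(att)
    return msg.as_bytes()


if __name__ == "__main__":
    for flag in (True, False):
        print(flag, suspicious_parts(build_sample(flag)))
```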
[2/5] from: brett:codeconscious at: 5-Oct-2002 10:41
> Subject: [REBOL] bug bear virus detection tip
Thanks for that Graham, that explains a suspect looking email I received
recently from a friend.
Brett.
[3/5] from: petr:krenzelok:trz:cz at: 5-Oct-2002 5:44
Brett Handley wrote:
>>Subject: [REBOL] bug bear virus detection tip
>>
>>
>
>Thanks for that Graham, that explains a suspect looking email I received
>recently from a friend.
>
>Brett.
>
I have written a very primitive script which scans a given IP range and asks
DNS for the machine name. BugBear opens a certain listening port, so it is rather
easy to find such machines :-) That kind of stuff can make rebol more
popular among our company admins :-)
-pekr-
[4/5] from: gchiu:compkarori at: 5-Oct-2002 16:29
On Sat, 05 Oct 2002 05:44:26 +0200
Petr Krenzelok <[petr--krenzelok--trz--cz]> wrote:
>I have written very primitive script which scans given IP
>range and asks DNS for machine-name. BugBear opens
>certain listen port, so it is rather easy to find such
>machines :-) That kind of stuff can make rebol more
>popular among our company admins :-)
>
Do share :)
--
Graham Chiu
[5/5] from: petr:krenzelok:trz:cz at: 5-Oct-2002 7:00
Graham Chiu wrote:
> On Sat, 05 Oct 2002 05:44:26 +0200
> Petr Krenzelok <[petr--krenzelok--trz--cz]> wrote:
<<quoted lines omitted: 5>>
>>
> Do share :)
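REBOL []
; Prompt for the first three octets of the subnet to check
ip-sub: ask "Enter ip (e.g. 172.25.7): "
for i 1 255 1 [
    ip: join ip-sub ["." i]
    print ["Checking IP: " ip]
    ; The block below runs only when the connect to TCP port 36794 succeeds
    if not error? try [
        port: open join tcp:// [ip ":36794"]
    ][
        ; Reverse DNS lookup for the machine name
        user?: read join dns:// ip
        write/append %infected.txt join "" [ip " " user? newline]
        print ["IP " ip " infected" user?]
        close port
    ]
]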
That is the general one. I also have a slightly modified one, which takes
a list of IPs from the user config objects we store for each user, so it
checks certain IPs, not ranges.
It is a pity we don't have async networking read yet, so we can't
influence connection time ... so - it may appear slow in some
situations, but will do the job.
-pekr-