[Plugins-writers] w32.spybot.fbg script

From: Thomas Reinke (lists@private)
Date: Wed Oct 20 2004 - 08:55:06 PDT


Couple of questions/issues regarding this script:

1) The URL reference within the script is definitely wrong, no such link
    exists.  The link, to be consistent, should likely be:
    http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.fbg.html
    notwithstanding the problem listed below.

2) This entire script seems to be referencing the incorrect virus.
    Reviewing Symantec's virus page at
    http://securityresponse.symantec.com/avcenter/vinfodb.html
    shows another script, w32.spybot.fcd which seems to fit this
    script much better:
      a) The fcd variant actually opens up an Ident server on port 113
         (the fbg documentation has no such reference).
      b) The fcd variant communicates out on port 8080 (the fbg makes
         no such reference).

All in all, it really seems like the script was written to address
w32.spybot.fcd described by Symantec at
http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.fcd.html

Can someone confirm?

Thomas
_______________________________________________
Plugins-writers mailing list
Plugins-writers@private
http://mail.nessus.org/mailman/listinfo/plugins-writers