VX Reversing III – Yellow Fever (Griyo 29a)
Written by E. Abril   
Side Story
VX Reversing II, Sasser.B

The well-known worm Sasser is one of the viruses that have received the most attention in the press in recent months. Its author, an 18-year-old student from Germany, faces up to several years in prison after causing a lot of trouble for many home users and small enterprises. Sasser is not a well-programmed virus; its success is entirely due to the exploit it implements, which was announced by Microsoft in one of their security bulletins. In this paper, we will reverse Sasser.B, the second of its variants, showing how it works and also how to clean your computer after infection. Warning: disconnect your computer from the network while working with Sasser; you alone are responsible for your mistakes.

This article provides an in-depth analysis of the I-Worm "win32.YellowFever", by "Griyo\29A". This is a proof-of-concept virus, meaning it has very sophisticated features which are very hard to find in the wild. Our analysis includes a step-by-step guide to debugging it and the construction of a bait file, which we use to run it in a controlled environment. Since the virus has not been spread, there is no similar description published by the anti-virus companies.
Download (PDF): VX Reversing III – Yellow Fever (Griyo 29a)