Friday, July 29, 2011

Lizamoon/Willsy Detection

Between Lizamoon and Willsy, looking for worms spreading through web attacks on a large number of domains can suck. Using postmodern's gscraper, I wrote a quick script that can check for infection using the same techniques as google-hacking.

It's located at . Inside the script, there's a place for you to change the query strings based upon what the current worm does. In the case of Willysy, it's needed to check for:

 (For a writeup, see:

No comments:

Post a Comment