Mydoom.B signature (needs more testing)

["Cam Beasley, ISO" <cam () AUSTIN UTEXAS EDU>]

Oddly enough, I haven't seen many working
variant Bs.. I have several with what
appears to be a null payload (all 'A's
in the base64)..  From the small few
that I do have, there may be commonalities
that could end up resulting in a solid
signature for Mydoom.B (Novarg.B)..

At this point, I wouldn't put much 
faith in any of these sigs, but would
appreciate your input..

-------------------------
Possible Variant B Sigs:
(wrapped for AV digestion)
-------------------------

-- note that part of the original
-- sig is in each of these sigs.

#1
KZYAAFNOAAAAgAAAJgEAxe6HApIAUCZKA ...           
EAD/bJpmiwQBPQl6AEAS85pmm7ZH8gq

#2
wAO4sKimaZqmoJiQiICapmmaeHBoYFhQz ...   
WCfaUgARAc4MDRN03QDKCQcGBDTLLvX


I'll be sure to repost new sigs
if I come up with anything more
accurate..

~cam.

Cam Beasley
ITS/Information Security Office
The University of Texas at Austin
cam () mail utexas edu
---------------------------
Report Abuse To:
- abuse () utexas edu
- 512.475.9242
---------------------------



> -----Original Message-----
> From: RLVaughn [mailto:Randy_Vaughn () Baylor edu]
> Sent: Wednesday, January 28, 2004 3:59 PM
> To: Cam Beasley, ISO
> Cc: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: Re: [SECURITY] Novarg.A signature
>
>
> Hello Cam,
> Any luck on variant B?
>
> Best regards,
>  
> Randal Vaughn
> Professor  
> Baylor University                         
mailto:Randy_Vaughn () Baylor edu

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.