Educause Security Discussion mailing list archives
Mydoom.B signature (needs more testing)
From: "Cam Beasley, ISO" <cam () AUSTIN UTEXAS EDU>
Date: Thu, 29 Jan 2004 09:48:43 -0600
Oddly enough, I haven't seen many working variant Bs.. I have several with what appears to be a null payload (all 'A's in the base64).. From the small few that I do have, there may be commonalities that could end up resulting in a solid signature for Mydoom.B (Novarg.B).. At this point, I wouldn't put much faith in any of these sigs, but would appreciate your input.. ------------------------- Possible Variant B Sigs: (wrapped for AV digestion) ------------------------- -- note that part of the original -- sig is in each of these sigs. #1 KZYAAFNOAAAAgAAAJgEAxe6HApIAUCZKA ... EAD/bJpmiwQBPQl6AEAS85pmm7ZH8gq #2 wAO4sKimaZqmoJiQiICapmmaeHBoYFhQz ... WCfaUgARAc4MDRN03QDKCQcGBDTLLvX I'll be sure to repost new sigs if I come up with anything more accurate.. ~cam. Cam Beasley ITS/Information Security Office The University of Texas at Austin cam () mail utexas edu --------------------------- Report Abuse To: - abuse () utexas edu - 512.475.9242 ---------------------------
-----Original Message----- From: RLVaughn [mailto:Randy_Vaughn () Baylor edu] Sent: Wednesday, January 28, 2004 3:59 PM To: Cam Beasley, ISO Cc: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Novarg.A signature Hello Cam, Any luck on variant B? Best regards, Randal Vaughn Professor Baylor University
mailto:Randy_Vaughn () Baylor edu ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Current thread:
- Mydoom.B signature (needs more testing) Cam Beasley, ISO (Jan 29)