Re: Ms Update Spoof - W32.gibe - NOTE:VIRUS AT

[Nick FitzGerald <nick () virus-l demon co uk>]

A plunger hiding behind the handle "morning_wood" wrote:

> Analysis of "Update880.exe" W32.gibe - Trojan / Worm

"Analysis"??

Nah.

What you did shows multiple levels of stupidity but nothing that 
passes for "analysis".  Your actions allow others to analyse you to 
some degree, but do not contribute anything useful to the purposes of 
this list.

<<snip>>
> ...  This is a different variant than
> identified by Symantic in March 2003.  ...

> From a quick search of Symantec's web site, it seems that (what 
Symantec calls) Gibe.C was the only Gibe variant discovered in March, 
so of course this one is different.  Anyone with two functioning 
brain cells and a hint of an idea of what they were doing would very 
quickly work out that this variant is bit-for-bit identical to the 
standard form of the Gibe.B variant, discovered in February.

Mr "morning_wood" -- next time you want to help like this, please 
resist the temptation until you've absorbed a few more clues.

Despite what you may think, the list is not a virus distribution 
channel and the few times otehrs have posted samples previousaly have 
resulted in far more folk posting "don't do that" messages than 
posted "way to go" ones.

Finally, Gibe.B is dead common -- if this is the first sample of it 
to arrive in your Email then you really are far from the cutting-edge 
of anything related to computer viruses.  I'd suggest that you would 
therefore be much better off refraining from making public 
"contributions" about them and leave that to those who actually 
understand them and handle them on a regular and informed basis.


-- 
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html