Full Disclosure mailing list archives

Re: Hello Mydoom

From: madsaxon <madsaxon () direcway com>
Date: Wed, 28 Jan 2004 17:21:24 -0600

At 05:39 PM 1/28/2004 -0500, Juari Bosnikovich wrote:

It was also unknown that the virus infects the BIOS of the computer it
infects by injecting a 624bytes backdoor written in FORTH which will open
port tcp when Mydoom will be executed AFTER febuary 12.


Nice analysis, Juari.  Thanks.

m5x

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

Hello Mydoom Juari Bosnikovich (Jan 28)
- Re: Hello Mydoom madsaxon (Jan 28)
- <Possible follow-ups>
- Re: Hello Mydoom auto4751 (Jan 30)
  - Re: Hello Mydoom jan . muenther (Jan 30)