Full Disclosure mailing list archives
RE: Culprit Bio: Perfect Storm Averted or Just Ahead?
From: "Clairmont, Jan" <JMC13 () mail3 cs state ny us>
Date: Thu, 29 Jan 2004 10:06:53 -0500
The guy who wrote this virus and/or unleashed it should not be too hard to track down. One, they are a Forth programmer, old school. I once met the Guy who invented Forth('83) and was in a seminar where he talked it up, not too many programmer then, not now. This language is very compact and powerful allowing a lot of functionality in a compact environment. There is the CVS tag that mentions Andy. So there is an association with Andy and Forth. Finally, the person knows communications programming, old school, tcp, ports, and sockets not portals etc, probably in assembler or C. Lastly, this person has a big Ego, so they have probably published on security, sockets, communications, SMTP, bios and/or forth. This person knows the ins and out of many computer architectures UNIX, PC, attacking Bios is old school int 20 , 21 stuff. Probably really hates Intel, Gates and MS, 8-> boy that's about everyone on this list. ;-> Anyone with information, a reward is going to be posted. Regards, Jan Clairmont -----Original Message----- From: Collin R. Mulliner [mailto:collin () betaversion net] Sent: Thursday, January 29, 2004 8:48 AM To: full-disclosure () lists netsys com Subject: Re: [Full-disclosure] Mydoom: Perfect Storm Averted or Just Ahead? Hi,
That'd be an interesting defense. Has anyone tried renaming their incoming MX machine so that it includes one of these strings?
I think all email addresses which contain the unwanted strings are filtered out before asking for the mx host for a specific domain - so this defense wont work. Everything else would be to slow. ... Collin -- Collin Mulliner <collin () betaversion net> BATAVERSiON Systems [www.betaversion.net] fom: To know recursion, you must first know recursion. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- RE: Culprit Bio: Perfect Storm Averted or Just Ahead? Clairmont, Jan (Jan 29)
- RE: Culprit Bio: Perfect Storm Averted or Just Ahead? Henrik Persson (Jan 29)
- RE: Culprit Bio: Perfect Storm Averted or Just Ahead? Steve Wray (Jan 29)
- RE: Culprit Bio: Perfect Storm Averted or Just Ahead? Henrik Persson (Jan 29)
- Re: Culprit Bio: Perfect Storm Averted or Just Ahead? Cael Abal (Jan 29)
- Re: Culprit Bio: Perfect Storm Averted or Just Ahead? Henrik Persson (Jan 30)
- RE: Culprit Bio: Perfect Storm Averted or Just Ahead? Steve Wray (Jan 29)
- RE: Culprit Bio: Perfect Storm Averted or Just Ahead? Henrik Persson (Jan 29)
- Re: Culprit Bio: Perfect Storm Averted or Just Ahead? Cael Abal (Jan 29)