Full Disclosure mailing list archives
[Full-Disclosure] RE: [Full-disclosure]Not into Refuting tall-tales and stories about the Mydoom worms
From: Joe Stewart <jstewart () lurhq com>
Date: Fri, 30 Jan 2004 13:30:09 -0500
On Friday 30 January 2004 12:02 pm, Clairmont, Jan wrote:
> First there is nothing in your analysis that excludes an embedded forth interpreter or code,

Yes, but there IS an embedded pong game written in ADA. Can you prove there isn't? How about the fact that Juari already admitted there was no bios infection?

> second there are fingerprints for a tsr.

Where? Offsets, please.

> Since it is an .exe and quite able to install one. Was there a search to eliminate the possibility?

Even though Juari was obviously trolling, yes there was a search.

> There is plenty of unanalyzed code

How do you know what code is unanalyzed?

> and looking at the disassembled code there are fingerprints of a tsr and forth in my opinion

Where? Offsets, please.

> Were the int calls examined for suspicious behavior? Looking at the tsr hex codes and forth formats there could definitely be activity there.

There are no INT calls. Are you looking at this in a 16-bit disassembler by any chance?

> Your analysis does not seem complete or extensive enough to rule out anything.

Just like I can't rule out the possibility that you and Juari are the same person and you are still trolling.

-Joe

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html