Full Disclosure mailing list archives
Re: MyDoom download info
From: Scott Taylor <security () 303underground com>
Date: Fri, 30 Jan 2004 18:52:29 -0700
Ok, so because you happen to be on a security list, you are automatically to be trusted?

Do you remember the so-called "ProFTPD-1.2.9rc2 remote exploit" from Oct 24, 2003? It was described like this:

  Ladies and gentlemen, here's the source code of the exploit for the latest release of ProFTPD. This is a Zero-Day private exploit, please DON'T REDISTRIBUTE. I will not take responsibility for any damages which could result from the usage of this exploit, use it at your own risk.

Shortly thereafter, someone was kind enough to elaborate on what it really did:

  Then some "creative hopping" to connect this to an "/bin/sh rm -rf /". If shellcode matches 0x72, 0x6d, 0x2d and 0x66 .. always be "alerted" :>

So, I'm sorry, but being on a security-related mailing list does NOT automatically grant you trust. And even though I use a real operating system, I'm not going to just trust someone just because they SAY something is safe.

You probably are a good guy. But inappropriately trusting email is how this thing grew to be as massive as it is, or did you forget that already?

I can sign my emails too, but signing keys are free, and your signature is not signed as valid by anyone I know, just as my signature is probably not signed by anyone you know. And I don't expect you to blindly trust me, either!

On Fri, 2004-01-30 at 18:07, Daniel Spisak wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> If you had read the README-FIRST.TXT file you would know that the files are self-extracting archives.
>
> Secondly, wouldn't it be somewhere in the neighborhood of dumb to massively idiotic for me to post virii examples that I have trojaned with my own backdoor and then post links to them on a public discussion forum where everyone can quite obviously see where my email originates from, let alone the fact that I PGP sign all my email to this list? Sorry if I come off a bit pained here but it just seems obvious to me how utterly stupid I would have to have been to have tried something like that.
>
> You also don't see anyone on this list mentioning as such was done to any of the examples they got from those same links when I was emailing people who requested it before I had posted the URLs here.
>
> Daniel E. Spisak
> Security Engineer
> OnlineSecurity
> www.onlinesecurity.com
> dan () onlinesecurity com
> Cell: 562.331.1603
>
> On Jan 30, 2004, at 4:38 PM, Scott Taylor wrote:
>> Am I the only one that found it to be a little bit shady that these were made available as executables? Is the "B" version posted somewhere as just a plain zip? I don't seem to have already received my free copy in the mail yet.
>>
>> On Fri, 2004-01-30 at 12:17, Daniel Spisak wrote:
>>> http://www.nonmundane.org/~dspisak/danger/README-FIRST.TXT
>>> http://www.nonmundane.org/~dspisak/danger/MyDoomA.exe
>>> http://www.nonmundane.org/~dspisak/danger/MyDoomB.exe
>>
>> --
>> Scott Taylor - <security () 303underground com>
>>
>> BOFH Excuse #216:
>> What office are you in? Oh, that one. Did you know that your building was built over the university's first nuclear research site? And wow, aren't you the lucky one, your office is right over where the core is buried!
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP 8.0.3
>
> iQA/AwUBQBr/yBUn/Hz8mr7jEQIkCgCeJX/45Qmnjlx+ji/j3y0NAopN8r8AoMQ0
> tGWoIwLcFCOBpTjJnjb/BU+Y
> =J8vp
> -----END PGP SIGNATURE-----
--
Scott Taylor - <security () 303underground com>

Finagle's First Law:
If an experiment works, something has gone wrong.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
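Added example, not part of the original message or of any poster's code: one way to act on the quoted advice before compiling source received from a list is to decode the byte arrays it embeds and read what they spell. The watch list, the function names and the sample input are assumptions made for this illustration; the sample is constructed and is not working shellcode.

```python
import re

# Byte escapes as written in C source: "\x72" in string literals, 0x72 in arrays.
BYTE_RE = re.compile(r'\\x([0-9a-fA-F]{2})|\b0x([0-9a-fA-F]{2})\b')
# Printable ASCII runs of 4+ bytes, like the `strings` utility reports.
STRINGS_RE = re.compile(rb'[\x20-\x7e]{4,}')
# Assumed watch list for this example; extend it for your own review.
WATCH = {
    "recursive delete": re.compile(rb'\brm\s+-\w*r'),
    "shell path": re.compile(rb'/bin/(ba)?sh\b'),
}
# The four bytes named in the quoted reply: 'r', 'm', '-', 'f'.
MARKERS = bytes([0x72, 0x6d, 0x2d, 0x66])


def embedded_bytes(source):
    """Decode every \\xNN escape and 0xNN literal in a piece of C source."""
    return bytes(int(a or b, 16) for a, b in BYTE_RE.findall(source))


def audit(source):
    """Return (label, detail) findings, one C statement at a time."""
    findings = []
    for stmt in source.split(';'):
        blob = embedded_bytes(stmt)
        for s in STRINGS_RE.findall(blob):
            findings += [(label, s.decode())
                         for label, pat in WATCH.items() if pat.search(s)]
        # Softer signal: all four marker bytes present, even if not adjacent.
        if all(b in blob for b in MARKERS):
            findings.append(("marker bytes", MARKERS.hex(" ")))
    return findings


# Constructed sample: filler bytes followed by two ASCII strings.
SAMPLE = r'''
/* constructed sample, not real shellcode */
char shellcode[] =
  "\x90\x90\x90\x90\x2f\x62\x69\x6e\x2f\x73\x68\x00"
  "\x72\x6d\x20\x2d\x72\x66\x20\x2f\x74\x6d\x70\x2f\x78\x00";
unsigned char pad[] = { 0x41, 0x42, 0x43, 0x44, 0x00 };
'''

if __name__ == "__main__":
    for label, detail in audit(SAMPLE):
        print(f"{label}: {detail}")
```

A clean result proves nothing, since a payload can be encoded or assembled at run time; a hit is a reason to stop and read the code before running it.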