Full Disclosure mailing list archives

Re: MyDoom download info


From: Scott Taylor <security () 303underground com>
Date: Fri, 30 Jan 2004 18:52:29 -0700

Ok, so because you happen to be on a security list, you are
automatically to be trusted? Do you remember the so-called
"ProFTPD-1.2.9rc2 remote exploit" from Oct 24, 2003? It was described
like this:

        Ladies and gentlemen, here's the source code of the exploit for the
        latest release of ProFTPD. This is a Zero-Day private exploit, please
        DON'T REDISTRIBUTE. I will not take responsibility for any damages which
        could result from the usage of this exploit, use it at your own risk.

Shortly thereafter, someone was kind enough to elaborate on what it
really did:

        Then some "creative hopping" to connect this to an "/bin/sh rm
        -rf /". If shellcode matches 0x72, 0x6d, 0x2d and 0x66 .. always
        be "alerted" :>

So, I'm sorry, but being on a security-related mailing list does NOT
automatically grant you trust. And even though I use a real operating
system, I'm not going to just trust someone just because they SAY
something is safe. You probably are a good guy. But inappropriately
trusting email is how this thing grew to be as massive as it is, or did
you forget that already?

I can sign my emails too, but signing keys are free, and your signature
is not signed as valid by anyone I know, just as my signature is
probably not signed by anyone you know. And I don't expect you to
blindly trust me, either!



On Fri, 2004-01-30 at 18:07, Daniel Spisak wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

If you had read the README-FIRST.TXT file you would know that the files 
are self-extracting archives.

Secondly, wouldn't it be somewhere in the neighborhood of dumb to 
massively idiotic for me to post virii examples that I have trojaned 
with my own backdoor and then post links to them on a public discussion 
forum where everyone can quite obviously see where my email originates 
from, let alone the fact that I PGP sign all my email to this list?

Sorry if I come off a bit pained here but it just seems obvious to me 
how utterly stupid I would have to have been to have tried something 
like that. You also don't see anyone on this list mentioning as such 
was done to any of the examples they got from those same links when I 
was emailing people who requested it before I had posted the URLs here.

Daniel E. Spisak
Security Engineer
OnlineSecurity
www.onlinesecurity.com
dan () onlinesecurity com
Cell: 562.331.1603

On Jan 30, 2004, at 4:38 PM, Scott Taylor wrote:
Am I the only one that found it to be a little bit shady that these were
made available as executables? Is the "B" version posted somewhere as
just a plain zip? I don't seem to have already received my free copy in
the mail yet.

On Fri, 2004-01-30 at 12:17, Daniel Spisak wrote:

http://www.nonmundane.org/~dspisak/danger/README-FIRST.TXT
http://www.nonmundane.org/~dspisak/danger/MyDoomA.exe
http://www.nonmundane.org/~dspisak/danger/MyDoomB.exe
--
Scott Taylor - <security () 303underground com>

BOFH Excuse #216:

What office are you in? Oh, that one.  Did you know that your building 
was built over the university's first nuclear research site? And wow, 
aren't you the lucky one, your office is right over where the core is 
buried!



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.3

iQA/AwUBQBr/yBUn/Hz8mr7jEQIkCgCeJX/45Qmnjlx+ji/j3y0NAopN8r8AoMQ0
tGWoIwLcFCOBpTjJnjb/BU+Y
=J8vp
-----END PGP SIGNATURE-----
--
Scott Taylor - <security () 303underground com> 

Finagle's First Law:
        If an experiment works, something has gone wrong.
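
The byte hint quoted in the message above (0x72, 0x6d, 0x2d, 0x66), turned into a check to run on a posted "exploit" before compiling it. This is an added example, not part of the original thread: it decodes byte blobs embedded in C source, lists their printable strings and flags a watch list. The function names, the watch list and the sample are assumptions constructed here.

```python
import re

# Runs of C byte escapes ("\x72\x6d") or array items (0x72, 0x6d).
ESCAPED = re.compile(r'(?:\\x[0-9a-fA-F]{2})+')
ARRAY = re.compile(r'(?:0x[0-9a-fA-F]{1,2}\s*,\s*)+0x[0-9a-fA-F]{1,2}\b')
PRINTABLE = re.compile(rb'[\x20-\x7e]{4,}')   # same default length as strings(1)
# Assumed watch list; extend it for your own triage.
SUSPICIOUS = (b'rm -', b'/bin/sh', b'mkfs', b'wget ', b'curl ', b'/etc/passwd')
HINT_BYTES = {0x72, 0x6d, 0x2d, 0x66}   # 'r', 'm', '-', 'f' from the quoted post


def extract_blobs(source: str) -> list[bytes]:
    """Decode every embedded byte blob found in C source text."""
    # Adjacent C string literals are concatenated by the compiler; do the same.
    joined = re.sub(r'"\s*"', '', source)
    blobs = [bytes.fromhex(m.group().replace('\\x', ''))
             for m in ESCAPED.finditer(joined)]
    for m in ARRAY.finditer(joined):
        items = re.findall(r'0x([0-9a-fA-F]{1,2})', m.group())
        blobs.append(bytes(int(i, 16) for i in items))
    return blobs


def triage(source: str) -> list[dict]:
    """Report printable strings and watch-list hits for each blob."""
    report = []
    for blob in extract_blobs(source):
        strings = PRINTABLE.findall(blob)
        hits = sorted({s for s in SUSPICIOUS for p in strings if s in p})
        report.append({
            'length': len(blob),
            'strings': strings,
            'hits': hits,
            # Weak signal on its own: these values also occur in ordinary code.
            'hint_bytes_present': HINT_BYTES <= set(blob),
        })
    return report


def _c_escape(data: bytes) -> str:
    return ''.join(f'\\x{b:02x}' for b in data)


# Constructed sample: filler bytes around the string the quoted post describes.
SAMPLE = ('char shellcode[] =\n  "' + _c_escape(b'\x31\xc0\x50\x68') + '"\n  "'
          + _c_escape(b'/bin/sh rm -rf /') + _c_escape(b'\x00\xcd\x80') + '";\n')

if __name__ == '__main__':
    print(triage(SAMPLE))
```

A clean result only means no plain-text command was found; strings that are encoded or assembled at run time will not show up, so read unknown code in full and run it only in a disposable environment.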

    
