Full Disclosure mailing list archives

Re: MyDoom.f binary string

From: Jason Brewer <fulldisclosure99 () yahoo com>
Date: Tue, 24 Feb 2004 15:51:38 -0600

I was able to get my hands on two copies of the virus.. They are slightly differentin size and definitely have different md5sums.


I created a couple of signatures using this string that matched in both files:
25 E5 6C D1 3C 2B 44 53 A8 34 B0 C1 14 3F E4 37

I'm monitoring ports 25, 135:139, 445, and 3127 with this signature to try and catchall methods of propagation.

----- Original Message -----

From: "Jason Brewer" <fulldisclosure99 () yahoo com>

To: "Full Disclosure" <full-disclosure () lists netsys com>

Sent: Tuesday, February 24, 2004 4:43 PM

Subject: [Full-disclosure] MyDoom.f binary string

Does anyone have a binary string for MyDoom.f?

I wish to create a "network drive" signature ASAP.

Thanks!

Jason Brewer


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

MyDoom.f binary string Jason Brewer (Feb 24)
- <Possible follow-ups>
- MyDoom.f binary string Jason Brewer (Feb 24)
  - Message not available
    - Re: MyDoom.f binary string Jason Brewer (Feb 24)
    - Re: MyDoom.f binary string Jason Brewer (Feb 25)