Full Disclosure mailing list archives
Re: MyDoom.f binary string
From: Jason Brewer <fulldisclosure99 () yahoo com>
Date: Tue, 24 Feb 2004 15:51:38 -0600
I was able to get my hands on two copies of the virus. They are slightly different in size and definitely have different md5sums.
I created a couple of signatures using this string that matched in both files:

25 E5 6C D1 3C 2B 44 53 A8 34 B0 C1 14 3F E4 37

I'm monitoring ports 25, 135:139, 445, and 3127 with this signature to try and catch all methods of propagation.

----- Original Message -----
From: "Jason Brewer" <fulldisclosure99 () yahoo com>
To: "Full Disclosure" <full-disclosure () lists netsys com>
Sent: Tuesday, February 24, 2004 4:43 PM
Subject: [Full-disclosure] MyDoom.f binary string

Does anyone have a binary string for MyDoom.f?
I wish to create a "network drive" signature ASAP.
Thanks!
Jason Brewer
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
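Added example, not part of the original post: a Python sketch that searches a byte stream for the 16-byte string quoted in the message, including occurrences split across read or packet boundaries. The function names, chunk sizes and sample data are constructed for illustration.

```python
# Added example (not from the original post). The pattern is the 16-byte
# string quoted in the message; everything else is an assumption.
SIGNATURE = bytes.fromhex("25 E5 6C D1 3C 2B 44 53 A8 34 B0 C1 14 3F E4 37")


def scan_chunks(chunks, pattern=SIGNATURE):
    """Return the absolute offset of every occurrence of pattern in an
    iterable of byte chunks, including matches that straddle two chunks."""
    offsets = []
    keep = len(pattern) - 1   # bytes carried over between chunks
    tail = b""                # carried-over bytes from earlier chunks
    base = 0                  # absolute offset of tail[0] in the stream
    for chunk in chunks:
        window = tail + chunk
        start = 0
        while True:
            idx = window.find(pattern, start)
            if idx < 0:
                break
            offsets.append(base + idx)
            start = idx + 1
        # Keep only len(pattern)-1 bytes: enough to complete a split match,
        # too few to report an already-seen match a second time.
        cut = max(len(window) - keep, 0)
        base += cut
        tail = window[cut:]
    return offsets


def scan_file(path, chunk_size=65536):
    """Scan a file on disk (for example a quarantined sample) in chunks."""
    with open(path, "rb") as fh:
        return scan_chunks(iter(lambda: fh.read(chunk_size), b""))


def split(data, size):
    """Cut data into fixed-size pieces to imitate segmented traffic."""
    return [data[i:i + size] for i in range(0, len(data), size)]


if __name__ == "__main__":
    # Constructed sample data: filler bytes around two copies of the pattern.
    sample = b"A" * 10 + SIGNATURE + b"B" * 5 + SIGNATURE
    print(scan_chunks([sample]))          # whole buffer
    print(scan_chunks(split(sample, 7)))  # pattern split across chunks
```

A scanner that inspects each chunk or packet in isolation misses the second case, which is why the carry-over buffer is there.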