Full Disclosure mailing list archives

RE: Culprit Bio: Perfect Storm Averted or Just Ahead?


From: "Clairmont, Jan" <JMC13 () mail3 cs state ny us>
Date: Thu, 29 Jan 2004 10:06:53 -0500

The guy who wrote this virus and/or unleashed it should not be too hard
to track down.  One, they are a Forth programmer, old school.
I once met the guy who invented Forth ('83) and was in a seminar where
he talked it up; not too many programmers then, not now.  This language is
very compact and powerful, allowing a lot of functionality in a compact
environment.  There is the CVS tag that mentions Andy.  So there is an
association with Andy and Forth.  Finally, the person knows communications
programming, old school: TCP, ports, and sockets, not portals etc.,
probably in assembler or C.

Lastly, this person has a big ego, so they have probably published on
security, sockets, communications, SMTP, BIOS and/or Forth.  This person
knows the ins and outs of many computer architectures, UNIX, PC; attacking
BIOS is old school int 20, 21 stuff.  Probably really hates Intel, Gates and
MS, 8-> boy that's about everyone on this list. ;->

Anyone with information, a reward is going to be posted. 

Regards,
Jan Clairmont

-----Original Message-----
From: Collin R. Mulliner [mailto:collin () betaversion net] 
Sent: Thursday, January 29, 2004 8:48 AM
To: full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] Mydoom: Perfect Storm Averted or Just Ahead?


Hi,

That'd be an interesting defense.  Has anyone tried renaming their 
incoming MX machine so that it includes one of these strings?

I think all email addresses which contain the unwanted strings are filtered
out before asking for the MX host for a specific domain - so this defense
won't work. Everything else would be too slow.

... Collin

-- 
Collin Mulliner <collin () betaversion net>
BATAVERSiON Systems [www.betaversion.net]
fom: To know recursion, you must first know recursion.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
