Full Disclosure mailing list archives
RE: Get this dude.
From: daniel uriah clemens <daniel_clemens () autism birmingham-infragard org>
Date: Thu, 29 Jan 2004 15:19:12 +0000 (GMT)
Can you show us the disassembled output for all these claims? -Dan
Even if the virus (Mydoom) is programmed in assembler and compiled using masm it is made to look like it has been programmed in C++ when disassembling. It is a fact that much more information is hidden and undiscovered to this date such as the fact that it will stop spreading on February 12 which is not true. Mydoom will pass in a new phase upon February 12 and it will be very much more serious as it will be updated and will mutate in Mydoom.C. The backdoor (shimgapi.dll) opens a port but this is used to obscure the real intention of Mydoom.B as well as Outlook express. It was also unknown that the virus infects the BIOS of the computer it infects by injecting a 624 bytes backdoor written in FORTH which will open port tcp when Mydoom will be executed AFTER February 12. It is a conclusion that the viral professionals that published diagnosis of the Mydoom.A virus are trying to hide something or are very incompetent. Also there is no way to fix the virus that is injected in the BIOS after it has been infected except from flashing it AFTER disinfecting the workstation that was infected.

Juari Bosnikovich

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

-----Original Message-----
From: Kenton Smith [mailto:ksmith () chartwelltechnology com]
Sent: Thursday, January 29, 2004 2:26 PM
To: Clairmont, Jan
Cc: 'full-disclosure () lists netsys com'
Subject: RE: [Full-disclosure] Culprit Bio: Perfect Storm Averted or Just Ahead?

If you're a FORTH programmer, can you comment on the validity of this?

"It was also unknown that the virus infects the BIOS of the computer it infects by injecting a 624 bytes backdoor written in FORTH which will open port tcp when Mydoom will be executed AFTER February 12."

I'm not a programmer, nor am I a BIOS expert, but this seems bogus to me.
Kenton

On Thu, 2004-01-29 at 11:04, Clairmont, Jan wrote:

<snip>If there are a 1000 Forth programmers in the world I would be surprised. They would need communications knowledge, programming, being one myself there are not too many of those. This narrows the gene pool significantly if anyone in the know is searching.<snip>
-Daniel Uriah Clemens
Esse quam videra (to be, rather than to appear)
-Moments of Sorrow are Moments of Sobriety
http://www.birmingham-infragard.org | 2053284200
fingerprint: EDF0 6566 2A4A 220E 5760 EA1F 0424 6DF6 F662 F5BD