Culprit Bio: Perfect Storm Averted or Just

["Helmut Hauser" <helmut_hauser () hotmail com>]

It seems that the virus writer put his anagramm into his creation.
If you view the malware with a hexeditor you can read the letters AU
at the end of the file (beginning at 00007F20 end at 00007F70)

according to my disassembling the virus writer used c++ with assembler
includes and he has average skills, he used timers and sleep functions to
conceal the presence of the active virus.

Helmut

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html