Full Disclosure mailing list archives

Re: MyDoom download info


From: "Puneet Arora" <puneet () tunmail com>
Date: Sat, 31 Jan 2004 14:39:07 +0530

I think Daniel E. Spisak is quite right...
Why would anyone post a virus/backdoor creation of his own?
Also, if he wanted, he would have distributed it in executable form, not
the zipped one... right?
----- Original Message ----- 
From: "first last" <randnut () hotmail com>
To: <full-disclosure () lists netsys com>
Sent: Saturday, January 31, 2004 5:58 AM
Subject: RE: [Full-disclosure] MyDoom download info


to successfully unpack the program. All they really needed to
do was dump it from memory while it was running and they could've analyzed
it immediately with any disassembler.

Forgive me, I am no assembly hacker nor much of a programmer,
but would it be possible for a program to 'react' in some way
were one to try to dump it from memory?

The program would have to use a device driver to protect itself from
being dumped from memory to disk. But there are ways around that as well.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


