Full Disclosure mailing list archives

MyDoom download info.

From: Feher Tamas <etomcat () freemail hu>
Date: Sat, 31 Jan 2004 10:53:54 +0100 (CET)

Hello,

http://www.nonmundane.org/~dspisak/danger/MyDoomB.exe


Run it under VMware and confirmed. Aladdin Stuffit format self-
extracting archive, contains MyDoom.B worm executable (29,184 bytes) 
inside.

However the AV industry standard is always to send virus samples in 
passworded ZIP archive format and nothing else. Never trust 
executables!

BTW, apparently there is a yet undiscovered bug in MyDoom.B code 
that prevents it from spreading effectively. Much of the code is 
encrypted, so dissecting processes sowly.

Regards, Tamas Feher.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

MyDoom download info. Feher Tamas (Jan 31)
- <Possible follow-ups>
- RE: MyDoom download info. first last (Jan 31)
  - Re: MyDoom download info. jan . muenther (Jan 31)
- Re: MyDoom download info. first last (Jan 31)
  - Re: MyDoom download info. jan . muenther (Jan 31)
  - Re[2]: MyDoom download info. Papp Geza (Jan 31)