Full Disclosure mailing list archives
RE: MyDoom download info.
From: "first last" <randnut () hotmail com>
Date: Sat, 31 Jan 2004 11:03:50 +0000
BTW, apparently there is a yet undiscovered bug in MyDoom.B code that prevents it from spreading effectively. Much of the code is encrypted, so dissecting processes slowly.
It's still UPX packed, but it won't unpack with "UPX -d" because the author used a simple UPX scrambler. Either undo what he did or unpack it manually and you'll see all the code. The easiest way for anyone inexperienced with this is just to dump the memory to a file when the virus is running. But you don't think the anti-virus companies already know everything about this virus? It's been a few days now and they should've found out everything they needed to know the very same day they got their first copy of MyDoom.B.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
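A static triage for the situation described in the message, as an added example that is not part of the original post: it assumes the scrambler only altered the UPX section names and the `UPX!` marker (the post does not say what was changed) and flags the section layout that survives such changes. `pe_sections`, `triage` and `sample` are hypothetical names, and the sample images are constructed header-only data, not real binaries.

```python
import struct

EXEC_WRITE = 0x20000000 | 0x80000000  # IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_WRITE

def pe_sections(data):
    """Parse the PE section table: (name, virtual_size, raw_size, flags)."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ header")
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    count, opt_size = struct.unpack_from("<H12xH", data, pe + 6)
    table = pe + 24 + opt_size
    out = []
    for i in range(count):
        name, vsize, _va, rsize, _ptr, flags = struct.unpack_from(
            "<8sIIII12xI", data, table + 40 * i)
        out.append((name.rstrip(b"\0"), vsize, rsize, flags))
    return out

def triage(data):
    secs = pe_sections(data)
    names = any(n.startswith(b"UPX") for n, *_ in secs)
    magic = b"UPX!" in data
    # Layout left by the packer: an empty-on-disk, executable+writable section
    # (unpack target) directly followed by another executable+writable section.
    layout = any(a[2] == 0 and a[1] > 0
                 and a[3] & EXEC_WRITE == EXEC_WRITE
                 and b[3] & EXEC_WRITE == EXEC_WRITE
                 for a, b in zip(secs, secs[1:]))
    if layout and names and magic:
        verdict = "plain UPX"
    elif layout:
        verdict = "UPX-like layout, markers altered"
    else:
        verdict = "no UPX layout"
    return {"names": names, "magic": magic, "layout": layout, "verdict": verdict}

def sample(names, magic=b""):
    """Constructed header-only PE image for the demo (not a real binary)."""
    flags = (0xE0000080, 0xE0000040, 0xC0000040)
    sizes = ((0x8000, 0), (0x4000, 0x3A00), (0x1000, 0x200))
    hdr = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40) + b"PE\0\0"
    hdr += struct.pack("<HH12xHH", 0x14C, len(names), 0, 0x10F)
    for n, (vs, rs), f in zip(names, sizes, flags):
        hdr += struct.pack("<8sIIII12xI", n, vs, 0x1000, rs, 0x400, f)
    return hdr + magic
```

A file reported as "UPX-like layout, markers altered" is one to unpack in an isolated analysis environment rather than with `upx -d`.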
Current thread:
- MyDoom download info. Feher Tamas (Jan 31)
- <Possible follow-ups>
- RE: MyDoom download info. first last (Jan 31)
- Re: MyDoom download info. jan . muenther (Jan 31)
- Re: MyDoom download info. first last (Jan 31)
- Re: MyDoom download info. jan . muenther (Jan 31)
- Re[2]: MyDoom download info. Papp Geza (Jan 31)