Full Disclosure mailing list archives
Re: Virus Outbreak Attacking MS05-039 WIN2K
From: Joe Stewart <jstewart () lurhq com>
Date: Mon, 15 Aug 2005 12:17:57 -0400
On Monday 15 August 2005 11:26 am, Andrew Smith wrote:
> Can anyone explain why this virus chooses to block ebay, amazon and paypal? This seems foolish if the intention is to remain on the compromised host un-noticed.
Recent versions of Mytob do the same thing. Mytob, if you remember, is R[x]bot + Mydoom. It appears that Zotob is just the Mytob code with the Mydoom code removed and replaced by the MS05-039 spreader, and that both codebases are maintained by the same person. Doesn't explain his motives for blocking those sites, but does explain why it is in the Zotob codebase.

-Joe

--
Joe Stewart, GCIH
Senior Security Researcher
LURHQ http://www.lurhq.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/