Vulnerability Development mailing list archives
Re: Another new worm??? (technical)
From: pierre () DATARESCUE COM (Pierre Vandevenne)
Date: Tue, 27 Jun 2000 15:38:22 +0200
On Mon, 26 Jun 2000 10:31:05 -0300, sigipp () WELLA COM BR wrote:
Hi,"Love Letter", "Lover Letter", "Love _ Letter", "Re:Love Letter", "FWD: Love _Letter"I remember once an article in the (german) c´t about fault-tolerant string matching using triplets (groups of three characters) and groups of five characters, resulting in a percentage of similarness. It worked really great and might be an algoritm to catch these too.
Sure - it is quite possible, by many methods, but as soon as you choose one in an open source package worm writers will work around it. That is what happened in the past, eventhough the program were closed source and the databases (mildly) encrypted. BTW, when looking for information about viruses and worms, it often pays to look further than the virus encyclopedias - there are many interesting papers floating on the net. Here for example. http://www.av.ibm.com/InsideTheLab/Bookshelf/ScientificPapers/ http://www.ifip.tu-graz.ac.at/TC11/SEC94/bonchev.html Pierre --- http://www.datarescue.com/idabase/ida.htm IDA Pro 4.1 - Yes, we have done it again !
Current thread:
- Re: Another new worm??? (technical) sigipp () WELLA COM BR (Jun 26)
- Re: Another new worm??? (technical) Pierre Vandevenne (Jun 27)
- Virus Scan Notices in eMail Brian Kifiak (Jun 27)
- Re: Virus Scan Notices in eMail Bluefish (Jun 28)
- Re: Virus Scan Notices in eMail Colleen Tibbs (Jun 28)
- Re: Virus Scan Notices in eMail Brian Kifiak (Jun 28)
- Re: Virus Scan Notices in eMail Bluefish (Jun 29)