Vulnerability Development mailing list archives
Re: unobfuscation of AnnaKournikova.jpg. vee bee ess worm
From: Dzzie Z <dzzie () YAHOO COM>
Date: Wed, 14 Feb 2001 01:34:18 -0500
According to Kaspersky Lab (AVP) this is old virus (and it really is because I've catched it with outdated bases) created with "[K]Alamar's Vbs Worms Creator" generator. They've published full review (in classification of Kaspersky it's called I-Worm.Lee.o)
this is from the worm generator documentation: [...] HEY! I'M TRYING TO FIND THE CREATOR OF THE LEE WORM, CAUSE ALL WORM CREATED WITH THE OLDER VBSWG ARE DETECTED AS I-WORM.LEE [/..] and todays bit of trivia just for fun : ) [...] Sorry for the bugs, after all, I'm just 17 years old!. [/..] generator just basically pastes routines from other vbs worms together although the obsfuscation I think is his.. not from zulu or such ...is a shifted ascii->hex string with random 11 character function and variable names aghh point and click worms sidethought..mabey the Lee worm is where he got his obsfuscation routine and that is why his are being picked up by as it... anyway TL security has the generator if you want to play with it...norton flags it as "Trojan.Horse" but looks to me like a pure vb5 exe with nothign wrapped in and it dosent open any ports or lodge in memory so *shrugs*
Current thread:
- unobfuscation of AnnaKournikova.jpg. vee bee ess worm rpc (Feb 13)
- Re: unobfuscation of AnnaKournikova.jpg. vee bee ess worm Ryan Yagatich (Feb 13)
- Re: unobfuscation of AnnaKournikova.jpg. vee bee ess worm Vladimir Dubrovin (Feb 13)
- Re: unobfuscation of AnnaKournikova.jpg. vee bee ess worm Dzzie Z (Feb 19)