[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Hello Mydoom

To: full-disclosure@lists.netsys.com
Subject: Re: [Full-Disclosure] Hello Mydoom
From: madsaxon <madsaxon@direcway.com>
Date: Wed, 28 Jan 2004 17:21:24 -0600

At 05:39 PM 1/28/2004 -0500, Juari Bosnikovich wrote:

It was also unknown that the virus infects the BIOS of the computer it
infects by injecting a 624bytes backdoor written in FORTH which will open
port tcp when Mydoom will be executed AFTER febuary 12.

Nice analysis, Juari. Thanks.

m5x

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- [Full-Disclosure] Hello Mydoom
  - From: Juari Bosnikovich <juarib@m-net.arbornet.org>

Prev by Date: [Full-Disclosure] Mydoom.B
Next by Date: RE: [Full-Disclosure] Microsoft's fix for URL containing username:password@ obfuscation
Previous by thread: [Full-Disclosure] Hello Mydoom
Next by thread: Re: [Full-Disclosure] Hello Mydoom
Index(es):
- Date
- Thread