
RE: [Full-Disclosure] Get this dude.

Can you show us the disassembled output for all these claims?


> Even if the virus (Mydoom) is programmed in assembler and compiled using
> masm it is made to look like it has been programmed in C++ when
> disassembling. It is a fact that much more information is hidden and
> undiscovered to this date such as the fact that it will stop spreading on
> February 12 which is not true. Mydoom will pass into a new phase upon February
> 12 and it will be very much more serious as it will be updated and will
> mutate into Mydoom.C. The backdoor (shimgapi.dll) opens a port but this is
> used to obscure the real intention of Mydoom.B as well as Outlook Express.
> It was also unknown that the virus infects the BIOS of the computer it
> infects by injecting a 624bytes backdoor written in FORTH which will open
> port tcp when Mydoom will be executed AFTER February 12.
> It is a conclusion that the viral professionals that published diagnosis of
> the Mydoom.A virus are trying to hide something or are very incompetent.
> Also there is no way to fix the virus that is injected in the BIOS after it
> has been infected except from flashing it AFTER disinfecting the workstation
> that was infected.
>                                         Juari Bosnikovich
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
> -----Original Message-----
> From: Kenton Smith [mailto:ksmith@chartwelltechnology.com]
> Sent: Thursday, January 29, 2004 2:26 PM
> To: Clairmont, Jan
> Cc: 'full-disclosure@lists.netsys.com'
> Subject: RE: [Full-Disclosure] Culprit Bio: Perfect Storm Averted or Just Ahead?
>
> If you're a FORTH programmer, can you comment on the validity of this?
> "It was also unknown that the virus infects the BIOS of the computer it
> infects by injecting a 624bytes backdoor written in FORTH which will open
> port tcp when Mydoom will be executed AFTER February 12."
> I'm not a programmer, nor am I a BIOS expert, but this seems bogus to me.
> Kenton
> On Thu, 2004-01-29 at 11:04, Clairmont, Jan wrote:
> <snip>
> > If there are a 1000 Forth programmers in the world I would be
> > surprised. They would need communications knowledge, programming, being
> > one myself there are not too many of those.   This narrows the gene pool
> > significantly if anyone in the know is searching.
> <snip>

-Daniel Uriah Clemens

Esse quam videra
     (to be, rather than to appear)
                     -Moments of Sorrow are Moments of Sobriety
http://www.birmingham-infragard.org   | 2053284200
fingerprint: EDF0 6566 2A4A 220E 5760  EA1F 0424 6DF6 F662 F5BD
