[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-Disclosure] Culprit Bio: Perfect Storm Averted or Just

To: <full-disclosure@lists.netsys.com>
Subject: [Full-Disclosure] Culprit Bio: Perfect Storm Averted or Just
From: "Helmut Hauser" <helmut_hauser@hotmail.com>
Date: Fri, 30 Jan 2004 10:07:01 +0100

It seems that the virus writer put his anagramm into his creation.
If you view the malware with a hexeditor you can read the letters AU
at the end of the file (beginning at 00007F20 end at 00007F70)

according to my disassembling the virus writer used c++ with assembler
includes and he has average skills, he used timers and sleep functions to
conceal the presence of the active virus.

Helmut

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Prev by Date: Re: [Full-Disclosure] Hello Mydoom
Next by Date: RE: [Full-Disclosure] Scam or SPAM ? : a trojan is on your computer!
Previous by thread: [Full-Disclosure] FYI: Visa abuse - equal to PayPal abuse
Next by thread: [Full-Disclosure] webpdp.gator.com XSS
Index(es):
- Date
- Thread