[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Full-Disclosure] MyDoom download info

To: "'first last'" <randnut@hotmail.com>, full-disclosure@lists.netsys.com
Subject: RE: [Full-Disclosure] MyDoom download info
From: Steve Wray <steve.wray@paradise.net.nz>
Date: Sat, 31 Jan 2004 13:04:30 +1300

> From: full-disclosure-admin@lists.netsys.com 
> [mailto:full-disclosure-admin@lists.netsys.com] On Behalf Of 
> first last
[snip]
> >
> >IIRC there are viruses that are encrypted and are almost impossible
> >to disassemble?
> >
> >Would that be true?
> >
> 
> Sobig.F was packed with tElock. It's a PE file protector. It 
> "encrypts" the program's code and data, and tries to detect debuggers
before 
[snip]
> to successfully unpack the program. All they really needed to 
> do was dump it from memory while it was running and they could've
analyzed 
> it immediately with any disassembler.

Forgive me, I am no assembly hacker nor much of a programmer, 
but would it be possible for a program to 'react' in some way
were one to try to dump it from memory?


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- RE: [Full-Disclosure] MyDoom download info
  - From: "first last" <randnut@hotmail.com>

Prev by Date: Re: [Full-Disclosure] RE: [Full-Disclosure]Not into Refuting tall-tales and stories abo ut the Mydoom worms
Next by Date: Re: [Full-Disclosure] Script Kiddies [OT]
Previous by thread: RE: [Full-Disclosure] MyDoom download info
Next by thread: RE: [Full-Disclosure] MyDoom download info
Index(es):
- Date
- Thread