
RE: [Full-Disclosure] MyDoom download info



> to successfully unpack the program. All they really needed to
> do was dump it from memory while it was running and they could've
> analyzed it immediately with any disassembler.

Forgive me, I am no assembly hacker nor much of a programmer,
but would it be possible for a program to 'react' in some way
were one to try to dump it from memory?

The program would have to use a device driver to protect itself from being dumped from memory to disk. But there are ways around that as well.




_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html