[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-Disclosure] MyDoom download info
- To: <full-disclosure@lists.netsys.com>
- Subject: Re: [Full-Disclosure] MyDoom download info
- From: "Puneet Arora" <puneet@tunmail.com>
- Date: Sat, 31 Jan 2004 14:39:07 +0530
I think Daniel E. Spisak is quite right ....
why would anyone post a virus/backdoor creation of hiw
own....................?????????????
Also if he wanted......he would have disributed in Executable form.......not
the xipped one.....right.
----- Original Message -----
From: "first last" <randnut@hotmail.com>
To: <full-disclosure@lists.netsys.com>
Sent: Saturday, January 31, 2004 5:58 AM
Subject: RE: [Full-Disclosure] MyDoom download info
> > > to successfully unpack the program. All they really needed to
> > > do was dump it from memory while it was running and they could've
> >analyzed
> > > it immediately with any disassembler.
> >
> >Forgive me, I am no assembly hacker nor much of a programmer,
> >but would it be possible for a program to 'react' in some way
> >were one to try to dump it from memory?
>
> The program would have to use a device driver to protect itself from not
> being dumped from memory to disk. But there are ways around that as well.
>
> _________________________________________________________________
> Get a FREE online virus check for your PC here, from McAfee.
> http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html