[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-Disclosure] MyDoom download info.

To: full-disclosure@lists.netsys.com
Subject: [Full-Disclosure] MyDoom download info.
From: Feher Tamas <etomcat@freemail.hu>
Date: Sat, 31 Jan 2004 10:53:54 +0100 (CET)

Hello,

>http://www.nonmundane.org/~dspisak/danger/MyDoomB.exe

Run it under VMware and confirmed. Aladdin Stuffit format self-
extracting archive, contains MyDoom.B worm executable (29,184 bytes) 
inside.

However the AV industry standard is always to send virus samples in 
passworded ZIP archive format and nothing else. Never trust 
executables!

BTW, apparently there is a yet undiscovered bug in MyDoom.B code 
that prevents it from spreading effectively. Much of the code is 
encrypted, so dissecting processes sowly.

Regards, Tamas Feher.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Prev by Date: Re: [Full-Disclosure] MyDoom download info
Next by Date: RE: [Full-Disclosure] MyDoom download info.
Previous by thread: [Full-Disclosure] Chaosreader: X11 and VNC playback
Next by thread: RE: [Full-Disclosure] MyDoom download info.
Index(es):
- Date
- Thread