Re: [Full-Disclosure] Re: Re: DoomJuice.A, Mydoom.A source code
- To: nick@virus-l.demon.co.uk
- Subject: Re: [Full-Disclosure] Re: Re: DoomJuice.A, Mydoom.A source code
- From: "Filipe A." <incognito@patria.ath.cx>
- Date: Wed, 11 Feb 2004 17:23:09 +0000
Nick FitzGerald wrote:

>> I've done that and after 12 hours I had about 27 files. 8 of them
>> were unique both in size and content. ...
>              ^^^^^^^^^^^^^^^^^^^^^^^^
> Is that not tautological?

I meant there were no files with the same length and different content.

> Or were you trying to say that none of these 8 are truncated copies of
> longer files in the set?

After a more detailed analysis it turned out only 4 were unique and not
juices A or B. But only one seems to be complete, the others look like
truncs of complete parts which I don't have.

>> ... but that leaves me with another 7 different
>> files. Question is, how many things are out there piggybacking on
>> mydoom's backdoor? ...
>
> [...] and simply the five byte
> command that instructs Mydoom's backdoor to "drop to a file and execute
> the following data stream"

Enlighten me here, if we send those 5 bytes and then stream it an
executable file will it work?

>> ... And now the source code is public many more
>> will emerge in the next few days...
>
> Charming, eh??

Spreading your opensource worm code through the worm itself is quite
amusing.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
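
Added example, not part of the original messages: a triage pass over captured files that separates the three cases discussed in the thread (byte-identical duplicates, same size but different content, and truncated copies of a longer file in the set). The function name, result keys and sample bytes are constructed for illustration.

```python
import hashlib
from collections import defaultdict


def triage(samples):
    """samples maps a capture name to its raw bytes."""
    # 1. Collapse byte-identical captures; the first name (sorted) represents each group.
    by_digest = defaultdict(list)
    for name in sorted(samples):
        by_digest[hashlib.sha256(samples[name]).hexdigest()].append(name)
    reps = {names[0]: samples[names[0]] for names in by_digest.values()}
    duplicates = {n[0]: n[1:] for n in by_digest.values() if len(n) > 1}

    # 2. Distinct content that happens to share a length.
    by_size = defaultdict(list)
    for name, data in reps.items():
        by_size[len(data)].append(name)
    same_size = [sorted(n) for n in by_size.values() if len(n) > 1]

    # 3. A capture is a truncated copy if it is a strict prefix of a longer one.
    #    A truncation whose complete original was never captured cannot be
    #    detected this way and is reported as complete.
    truncated = {}
    for name, data in reps.items():
        longer = sorted(o for o, d in reps.items()
                        if len(d) > len(data) and d.startswith(data))
        if longer:
            truncated[name] = longer

    return {
        "duplicates": duplicates,
        "same_size_diff_content": same_size,
        "truncated": truncated,
        "complete": sorted(n for n in reps if n not in truncated),
    }


# Constructed sample data standing in for captured files.
SAMPLES = {
    "cap01": b"MZ" + b"A" * 30,
    "cap02": b"MZ" + b"A" * 30,   # byte-identical to cap01
    "cap03": b"MZ" + b"A" * 8,    # interrupted transfer of cap01
    "cap04": b"MZ" + b"B" * 30,   # same length as cap01, different content
    "cap05": b"PK" + b"C" * 20,
}

if __name__ == "__main__":
    for key, value in triage(SAMPLES).items():
        print(key, value)
```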