[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] MyDoom.f binary string

To: full-disclosure@lists.netsys.com
Subject: Re: [Full-Disclosure] MyDoom.f binary string
From: Jason Brewer <fulldisclosure99@yahoo.com>
Date: Tue, 24 Feb 2004 15:51:38 -0600

I was able to get my hands on two copies of the virus.. They are slightly different in size and definitely have different md5sums.

I created a couple of signatures using this string that matched in both files:
25 E5 6C D1 3C 2B 44 53 A8 34 B0 C1 14 3F E4 37

I'm monitoring ports 25, 135:139, 445, and 3127 with this signature to try and catch all methods of propagation.

----- Original Message -----

From: "Jason Brewer" <fulldisclosure99@yahoo.com>

To: "Full Disclosure" <full-disclosure@lists.netsys.com>

Sent: Tuesday, February 24, 2004 4:43 PM

Subject: [Full-Disclosure] MyDoom.f binary string

Does anyone have a binary string for MyDoom.f?

I wish to create a "network drive" signature ASAP.

Thanks!

Jason Brewer


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- Re: [Full-Disclosure] MyDoom.f binary string
  - From: Jason Brewer <fulldisclosure99@yahoo.com>

References:
- [Full-Disclosure] MyDoom.f binary string
  - From: Jason Brewer <fulldisclosure99@yahoo.com>

Prev by Date: [Full-Disclosure] MyDoom.f binary string
Next by Date: Re: [Full-Disclosure] RE: Windows XP explorer.exe heap overflow.
Previous by thread: [Full-Disclosure] MyDoom.f binary string
Next by thread: Re: [Full-Disclosure] MyDoom.f binary string
Index(es):
- Date
- Thread