lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <0HFF00BC8FMZPE@smtp2.clear.net.nz>
From: nick at virus-l.demon.co.uk (Nick FitzGerald)
Subject: Ms Update Spoof - W32.gibe - NOTE:VIRUS AT

A plunger hiding behind the handle "morning_wood" wrote:

> Analysis of "Update880.exe" W32.gibe - Trojan / Worm

"Analysis"??

Nah.

What you did shows multiple levels of stupidity but nothing that 
passes for "analysis".  Your actions allow others to analyse you to 
some degree, but do not contribute anything useful to the purposes of 
this list.

<<snip>>
> ...  This is a different variant than
> identified by Symantic in March 2003.  ...

>From a quick search of Symantec's web site, it seems that (what 
Symantec calls) Gibe.C was the only Gibe variant discovered in March, 
so of course this one is different.  Anyone with two functioning 
brain cells and a hint of an idea of what they were doing would very 
quickly work out that this variant is bit-for-bit identical to the 
standard form of the Gibe.B variant, discovered in February.

Mr "morning_wood" -- next time you want to help like this, please 
resist the temptation until you've absorbed a few more clues.

Despite what you may think, the list is not a virus distribution 
channel and the few times otehrs have posted samples previousaly have 
resulted in far more folk posting "don't do that" messages than 
posted "way to go" ones.

Finally, Gibe.B is dead common -- if this is the first sample of it 
to arrive in your Email then you really are far from the cutting-edge 
of anything related to computer viruses.  I'd suggest that you would 
therefore be much better off refraining from making public 
"contributions" about them and leave that to those who actually 
understand them and handle them on a regular and informed basis.


-- 
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ