lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <5.0.0.25.2.20040127163522.04eb3c20@pop3.direcway.com> From: madsaxon at direcway.com (madsaxon) Subject: Mydoom At 10:08 AM 1/28/2004 +1300, Nick FitzGerald wrote: >That page does not specifically address the "zip attachment" form at >all, and to the extent that it does mention .ZIP extensions it (_quite_ >incorrectly) implies that the virus' executable is simply packaged with >such an extension. In fact, if it sends itself with a .ZIP extension, >Mydoom sends itself as a proper zip archive that contains a "stored" >(i.e. not compressed) copy of its executable. Two of the copies I've gotten have been proper .zip archives (with .zip extension) which contained a UPX compressed executable, many of whose ASCII strings were further obfuscated with ROT-13. m5x
Powered by blists - more mailing lists