lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <003901c3e531$d1b9f890$231a90d8@NTAUTHORITY>
From: geoincidents at getinfo.org (Geoincidents)
Subject: Mydoom

> And, as I explained earlier, even the size of the .EXE can vary, adding
> yet another inconstancy to the equation.

There is one consistancy that may help people build mail filters. The virus
codes the zip attachment as a mime type of application / octet-stream
(without the spaces) instead of application/x-zip-compressed. It's a
consistancy you can build a rwords/phrase filter around. Only drawback is
that octet stream is basically the default for unknown file types and
Windows98 for some reason uses this mime type for pdf and doc type files but
that's fixable too

You can fix Win98 by going into regedit on the client machine, to
HKEY_CLASSES_ROOT\.pdf and enter
a new string value of "Content Type" = "application/pdf" or for doc file go
to the \.doc key and enter "application/msword" or whatever extension you
find that fails when you try to send mail.

Geo.


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ