lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <40178A1D.7346.906D8570@localhost>
From: nick at virus-l.demon.co.uk (Nick FitzGerald)
Subject: Mydoom

<jsklein@...dspring.com> wrote:

> 22,528 bytes

No -- as I explained in my reply, and others have posted empirical data 
backing up the claim, the size of the zip attachment form varies 
depending on the length of the filename within the archive.

> More details at: 
> http://securityresponse.symantec.com/avcenter/venc/data/w32.novarg.a@mm.
> html

Could I suggest that you use a more reliable or more detailed source of 
your information?

That page does not specifically address the "zip attachment" form at 
all, and to the extent that it does mention .ZIP extensions it (_quite_ 
incorrectly) implies that the virus' executable is simply packaged with 
such an extension.  In fact, if it sends itself with a .ZIP extension, 
Mydoom sends itself as a proper zip archive that contains a "stored" 
(i.e. not compressed) copy of its executable.


-- 
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ