lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
From: nick at virus-l.demon.co.uk (Nick FitzGerald) Subject: Mydoom madsaxon <madsaxon@...ecway.com> to me: > >That page does not specifically address the "zip attachment" form at > >all, and to the extent that it does mention .ZIP extensions it (_quite_ > >incorrectly) implies that the virus' executable is simply packaged with > >such an extension. In fact, if it sends itself with a .ZIP extension, > >Mydoom sends itself as a proper zip archive that contains a "stored" > >(i.e. not compressed) copy of its executable. > > Two of the copies I've gotten have been proper .zip archives (with > .zip extension) which contained a UPX compressed executable, > many of whose ASCII strings were further obfuscated with ROT-13. Dude, read what I said... ...if it sends itself with a .ZIP extension... That is, of the options it has for sending itself, if it chooses the the zip archive option... Keep up with the program! -- Nick FitzGerald Computer Virus Consulting Ltd. Ph/FAX: +64 3 3529854
Powered by blists - more mailing lists