lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
From: nick at virus-l.demon.co.uk (Nick FitzGerald)
Subject: Mydoom

madsaxon <madsaxon@...ecway.com> to me:

> >That page does not specifically address the "zip attachment" form at
> >all, and to the extent that it does mention .ZIP extensions it (_quite_
> >incorrectly) implies that the virus' executable is simply packaged with
> >such an extension.  In fact, if it sends itself with a .ZIP extension,
> >Mydoom sends itself as a proper zip archive that contains a "stored"
> >(i.e. not compressed) copy of its executable.
> 
> Two of the copies I've gotten have been proper .zip archives (with
> .zip extension) which contained a UPX compressed executable,
> many of whose ASCII strings were further obfuscated with ROT-13.

Dude, read what I said...

   ...if it sends itself with a .ZIP extension...

That is, of the options it has for sending itself, if it chooses the 
the zip archive option...  

Keep up with the program!


-- 
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854


Powered by blists - more mailing lists