Message-ID: <20040129151800.S48888-100000@birmingham-infragard.org>
From: daniel_clemens at autism.birmingham-infragard.org (daniel uriah clemens)
Subject: Get this dude.

Can you show us the disassembled output for all these claims?

-Dan
>
> Even if the virus (Mydoom) is programmed in assembler and compiled using
> masm it is made to look like it has been programmed in C++ when
> disassembling. It is a fact that much more information is hidden and
> undiscovered to this date such as the fact that it will stop spreading on
> February 12 which is not true. Mydoom will pass into a new phase upon February
> 12 and it will be very much more serious as it will be updated and will
> mutate into Mydoom.C. The backdoor (shimgapi.dll) opens a port but this is
> used to obscure the real intention of Mydoom.B as well as Outlook Express.
>
> It was also unknown that the virus infects the BIOS of the computer it
> infects by injecting a 624-byte backdoor written in FORTH which will open
> port tcp when Mydoom will be executed AFTER February 12.
>
> It is a conclusion that the viral professionals that published diagnosis of
> the Mydoom.A virus are trying to hide something or are very incompetent.
>
> Also there is no way to fix the virus that is injected in the BIOS after it
> has been infected except by flashing it AFTER disinfecting the workstation
> that was infected.
>
>                                         Juari Bosnikovich
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
> -----Original Message-----
> From: Kenton Smith [mailto:ksmith@...rtwelltechnology.com]
> Sent: Thursday, January 29, 2004 2:26 PM
> To: Clairmont, Jan
> Cc: 'full-disclosure@...ts.netsys.com'
> Subject: RE: [Full-Disclosure] Culprit Bio: Perfect Storm Averted or Just
> Ahead?
>
>
> If you're a FORTH programmer, can you comment on the validity of this?
>
> "It was also unknown that the virus infects the BIOS of the computer it
> infects by injecting a 624-byte backdoor written in FORTH which will open
> port tcp when Mydoom will be executed AFTER February 12."
>
>
> I'm not a programmer, nor am I a BIOS expert, but this seems bogus to me.
>
> Kenton
>
> On Thu, 2004-01-29 at 11:04, Clairmont, Jan wrote:
> <snip>
> > If there are a 1000 Forth programmers in the world I would be
> > surprised. They would need communications knowledge, programming, being
> > one myself there are not too many of those. This narrows the gene pool
> > significantly if anyone in the know is searching.
> <snip>
>

-Daniel Uriah Clemens

Esse quam videra
     (to be, rather than to appear)
	             -Moments of Sorrow are Moments of Sobriety
http://www.birmingham-infragard.org   | 2053284200
fingerprint: EDF0 6566 2A4A 220E 5760  EA1F 0424 6DF6 F662 F5BD


