Message-ID: <CB1F49F2B508604292985807CF68F5F50595381A@csexchange.cs.state.ny.us>
From: JMC13 at mail3.cs.state.ny.us (Clairmont, Jan)
Subject: RE: Not into Refuting tall-tales and stories about the Mydoom worms
First, there is nothing in your analysis that excludes an embedded Forth
interpreter or code; second, there are fingerprints for a TSR, since it is
an .exe and quite able to install one. Was there a search to eliminate
the possibility? There is plenty of unanalyzed code, and looking at the
disassembled code there are fingerprints of a TSR and Forth in my opinion.
I am waiting on Mydoom.2 for any other unseen exploits. Were the int calls
examined for suspicious behavior? Looking at the TSR hex codes and Forth
formats there could definitely be activity there.
Your analysis does not seem complete or extensive enough to rule out
anything.
Jan Clairmont
-----Original Message-----
From: Gadi Evron [mailto:ge@...tistical.reprehensible.net]
Sent: Friday, January 30, 2004 10:40 AM
To: bugtraq@...urityfocus.com
Cc: full-disclosure@...ts.netsys.com
Subject: [Full-Disclosure] Refuting tall-tales and stories about the Mydoom worms
The document contains information and reverse engineering bits of the
Mydoom worms, refuting claims and rumors about them with facts.
It updates http://www.math.org.il/newworm-digest1.txt.
Also, we provide proof within the document of the DDoS attack that many
in the world now report does not happen, along with a time table for the
attack.
You can find our document at: http://www.math.org.il/mydoom-facts.txt
Gadi Evron.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html