| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: JMC13 at mail3.cs.state.ny.us (Clairmont, Jan) Subject: RE: Not into Refuting tall-tales and stories abo ut the Mydoom worms First there is nothing in your analysis that excludes an embedded forth interpreter or code, second there are fingerprints for a tsr. Since it is an .exe and quite able to install one. Was there a search to eliminate the possibility? There is plenty of unanalyzed code and looking at the dissassembled code there are fingerprints of a tsr and forth in my opinion, I am waiting on Mydoom.2 for any other unseen exploits. Were the int calls examined for suspicious behavior? Looking at the tsr hex codes and forth formats there could definintely be activity there. Your analysis does not seem complete or extensive enough to rule out anything. Jan Clairmont -----Original Message----- From: Gadi Evron [mailto:ge@...tistical.reprehensible.net] Sent: Friday, January 30, 2004 10:40 AM To: bugtraq@...urityfocus.com Cc: full-disclosure@...ts.netsys.com Subject: [Full-Disclosure] Refuting tall-tales and stories about the Mydoom worms The document contains information and reverse engineering bits of the Mydoom worms, refuting claims and rumors about them with facts. It updates http://www.math.org.il/newworm-digest1.txt. Also, we provide proof within the document of the DDoS attack that many in the world now report does not happen. along with a time table for the attack. You can find our document at: http://www.math.org.il/mydoom-facts.txt Gadi Evron. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists