Message-ID: <200401301330.09367.jstewart@lurhq.com>
From: jstewart at lurhq.com (Joe Stewart)
Subject: RE: Not into Refuting tall-tales and stories about the Mydoom worms
On Friday 30 January 2004 12:02 pm, Clairmont, Jan wrote:
> First there is nothing in your analysis that excludes an embedded
> forth interpreter or code,
Yes, but there IS an embedded pong game written in ADA. Can you prove
there isn't? How about the fact that Juari already admitted there was
no bios infection?
> second there are fingerprints for a tsr.
Where? Offsets, please.
> Since it is an .exe and quite able to install one. Was there a
> search to eliminate the possibility?
Even though Juari was obviously trolling, yes there was a search.
> There is plenty of unanalyzed
> code
How do you know what code is unanalyzed?
> and looking at the disassembled code there are fingerprints of
> a tsr and forth in my opinion
Where? Offsets, please.
> Were the int calls
> examined for suspicious behavior? Looking at the tsr hex codes and
> forth formats there could definitely be activity there.
There are no INT calls. Are you looking at this in a 16-bit disassembler
by any chance?
> Your analysis does not seem complete or extensive enough to rule out
> anything.
Just like I can't rule out the possibility that you and Juari are the
same person and you are still trolling.
-Joe