lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <BAY12-F67GlbZvFqV2m0000078d@hotmail.com>
From: randnut at hotmail.com (first last)
Subject: MyDoom.b samples taken down

Nick FitzGerald wrote mostly crap:
><snip>

Nick, you being the virus expert and all, how come it took you and your 
fellow virus experts two days to "decrypt" (i.e., unpack) the 
tElock-protected Sobig.F virus a couple of months ago? It appears that your 
awesome skill of being able to unpack UPX scrambler protected programs such 
as MyDoom.B couldn't help you back then. So what any smart virus author 
needs to do to stop these self-proclaimed virus experts is to use tElock or 
any other non-UPX protector to protect their viruses from being analyzed by 
virus "experts". That will buy the virus author 2+ days of time.

>No -- that's what happens when you actually have half a clue about the huge 
>_further_ damage such things can do if actually successfully distributed.  
>Mydoom.B has largely _not_ taken off, but all it probably needs is a touch 
>of the usual "luck" which is all that distinguishes most successful 
>mass-mailers from the huge numbers of unsuccessful ones lamers, like those 
>on this list clamouring to get a Mydoom.B sample, never see.

I never analyzed the MyDoom.A or the MyDoom.B worms because I know the 
anti-virus companies already did that the very same day they got the virus. 
But from what I've read, the email sent by MyDoom.B is exactly the same one 
sent by MyDoom.A. No wonder MyDoom.B never succeeded in infecting more 
machines. Even if someone on this list mistakenly got infected by the copy 
and sent out the virus to other people it's not going to make it any more 
successful than it is because it looks exactly like MyDoom.A in your inbox.

>I know most of you will not believe this because you so stupid you

You so smart Nick. Self-proclaimed virus experts like yourself should go 
back to your internal virus mailing lists. Or did they kick you out?

>And save me the almost inevitable full-disclosure mantra BS replies!  I 
>really do not want to hear your ignorance rephrased that way, again -- at 
>least walk the walk before you try to talk the talk...

If you don't want to read what people have to say, don't post to this list.

_________________________________________________________________
Scope out the new MSN Plus Internet Software — optimizes dial-up to the max! 
   http://join.msn.com/?pgmarket=en-us&page=byoa/plus&ST=1


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ