| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <BAY12-F67GlbZvFqV2m0000078d@hotmail.com> From: randnut at hotmail.com (first last) Subject: MyDoom.b samples taken down Nick FitzGerald wrote mostly crap: ><snip> Nick, you being the virus expert and all, how come it took you and your fellow virus experts two days to "decrypt" (i.e., unpack) the tElock-protected Sobig.F virus a couple of months ago? It appears that your awesome skill of being able to unpack UPX scrambler protected programs such as MyDoom.B couldn't help you back then. So what any smart virus author needs to do to stop these self-proclaimed virus experts is to use tElock or any other non-UPX protector to protect their viruses from being analyzed by virus "experts". That will buy the virus author 2+ days of time. >No -- that's what happens when you actually have half a clue about the huge >_further_ damage such things can do if actually successfully distributed. >Mydoom.B has largely _not_ taken off, but all it probably needs is a touch >of the usual "luck" which is all that distinguishes most successful >mass-mailers from the huge numbers of unsuccessful ones lamers, like those >on this list clamouring to get a Mydoom.B sample, never see. I never analyzed the MyDoom.A or the MyDoom.B worms because I know the anti-virus companies already did that the very same day they got the virus. But from what I've read, the email sent by MyDoom.B is exactly the same one sent by MyDoom.A. No wonder MyDoom.B never succeeded in infecting more machines. Even if someone on this list mistakenly got infected by the copy and sent out the virus to other people it's not going to make it any more successful than it is because it looks exactly like MyDoom.A in your inbox. >I know most of you will not believe this because you so stupid you You so smart Nick. Self-proclaimed virus experts like yourself should go back to your internal virus mailing lists. Or did they kick you out? >And save me the almost inevitable full-disclosure mantra BS replies! I >really do not want to hear your ignorance rephrased that way, again -- at >least walk the walk before you try to talk the talk... If you don't want to read what people have to say, don't post to this list. _________________________________________________________________ Scope out the new MSN Plus Internet Software — optimizes dial-up to the max! http://join.msn.com/?pgmarket=en-us&page=byoa/plus&ST=1
Powered by blists - more mailing lists