Message-ID: <402A64FD.2030900@patria.ath.cx>
From: incognito at patria.ath.cx (Filipe A.)
Subject: Re: Re: DoomJuice.A, Mydoom.A source code

Nick FitzGerald wrote:

>> I've done that and after 12 hours I had about 27 files. 8 of them
>>were unique both in size and content.  ...
>               ^^^^^^^^^^^^^^^^^^^^^^^^
> Is that not tautological?

  I meant there were no files with the same length and different content.

> Or were you trying to say that none of these 8 are truncated copies of 
> longer files in the set?

  After a more detailed analysis it turned out only 4 were unique and not
juices A or B. But only one seems to be complete, the others look like 
truncs of complete parts which I don't have.

>> ... but that leaves me with another 7 different
>> files. Question is, how many things are out there piggybacking on
>> mydoom's backdoor?  ...

> [...] and simply the five byte 
> command that instructs Mydoom's backdoor to "drop to a file and execute 
> the following data stream" 

  Enlighten me here, if we send those 5 bytes and then stream it an
executable file will it work?

>>...  And now the source code is public many more
>>will emerge in the next few days...

> Charming, eh??

  Spreading your open-source worm code through the worm itself is quite
amusing.
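
The uniqueness question raised in this exchange (identical copies, same length with different content, truncated copies of longer files) can be checked mechanically over a directory of captures. The sketch below is an added example, not part of the original message; the function name `triage`, the file names and the sample bytes are all constructed for illustration.

```python
import hashlib
from collections import defaultdict


def triage(samples):
    """Classify captures given as {name: bytes}; returns a dict of findings."""
    by_digest = defaultdict(list)
    for name in sorted(samples):
        by_digest[hashlib.sha256(samples[name]).hexdigest()].append(name)

    # One representative per distinct content; the rest are exact duplicates.
    reps = sorted(names[0] for names in by_digest.values())
    duplicates = {n[0]: n[1:] for n in by_digest.values() if len(n) > 1}

    # Zero-length captures are a prefix of everything, so report them apart.
    empty = [n for n in reps if not samples[n]]

    # A capture that is a strict prefix of a longer one is a cut-off transfer.
    longest_first = sorted(reps, key=lambda n: -len(samples[n]))
    truncated = {}
    for short in reps:
        data = samples[short]
        for other in longest_first:
            if data and len(samples[other]) > len(data) \
                    and samples[other].startswith(data):
                truncated[short] = other
                break

    # Same length but different bytes: size alone does not identify a file.
    by_size = defaultdict(list)
    for n in reps:
        by_size[len(samples[n])].append(n)
    size_clash = [v for v in by_size.values() if len(v) > 1]

    # "standalone" = not empty and not a prefix of anything else in the set.
    standalone = [n for n in reps if n not in truncated and n not in empty]
    return {"duplicates": duplicates, "truncated": truncated, "empty": empty,
            "size_clash": size_clash, "standalone": standalone}


# Constructed sample data: placeholder bytes, not real captures.
FULL = b"HEADER" + bytes(range(64))
SAMPLES = {
    "cap01.bin": FULL,
    "cap02.bin": FULL,                     # exact duplicate of cap01
    "cap03.bin": FULL[:20],                # cut-off copy of cap01
    "cap04.bin": b"OTHER" + b"\x00" * 15,  # same length as cap03, other bytes
    "cap05.bin": b"",                      # nothing received
}
```

A file listed as standalone is only known not to be a prefix of another capture in the set; a truncated copy whose complete original was never captured cannot be identified this way.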

