lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon Aug 15 17:18:12 2005 From: jstewart at lurhq.com (Joe Stewart) Subject: Virus Outbreak Attacking MS05-039 WIN2K On Monday 15 August 2005 11:26 am, Andrew Smith wrote: > Can anyone explain why this virus chooses to block ebay, amazon and > paypal? This seems foolish if the intention is to remain on the > compromised host un-noticed. Recent versions of Mytob do the same thing. Mytob, if you remember, is R[x]bot + Mydoom. It appears that Zotob is just the Mytob code with the Mydoom code removed and replaced by the MS05-039 spreader, and that both codebases are maintained by the same person. Doesn't explain his motives for blocking those sites, but does explain why it is in the Zotob codebase. -Joe -- Joe Stewart, GCIH Senior Security Researcher LURHQ http://www.lurhq.com/
Powered by blists - more mailing lists