RE: [Full-Disclosure] Mydoom
From: Nick FitzGerald (nick_at_virus-l.demon.co.uk)
Date: 01/28/04
- Previous message: Nick FitzGerald: "Re: [Full-Disclosure] From field spoofing and AV responses"
- In reply to: Remko Lodder: "RE: [Full-Disclosure] Mydoom"
- Next in thread: Nick FitzGerald: "Re: [Full-Disclosure] Mydoom"
To: full-disclosure@lists.netsys.com
Date: Wed, 28 Jan 2004 20:14:15 +1300
"Remko Lodder" <remko@elvandar.org> to me:
> even if it was a prefixed size.
> one 'creative CRACKER or other lame person' would change
> the virus with a single bit which makes it a bit larger,
> and all the previous detects are USELESS, even though it
> perhaps has the same sig as before
Did you read what I wrote?
Did you read the comment to go back and read what I have already
written earlier in our discussions of this virus, specifically about
its filesize and detection indeterminacy based on anything filesize-
sensitive?
Please do so and stop wasting our time by repeating what has already
been better said by others...
Regards,
Nick FitzGerald
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html