RE: [Full-Disclosure] Culprit Bio: Perfect Storm Averted or Just Ahead?
From: Clairmont, Jan (JMC13_at_mail3.cs.state.ny.us)
Date: 01/29/04
- Previous message: Collin R. Mulliner: "Re: [Full-Disclosure] Mydoom: Perfect Storm Averted or Just Ahead?"
- Next in thread: Henrik Persson: "RE: [Full-Disclosure] Culprit Bio: Perfect Storm Averted or Just Ahead?"
- Reply: Henrik Persson: "RE: [Full-Disclosure] Culprit Bio: Perfect Storm Averted or Just Ahead?"
- Maybe reply: Clairmont, Jan: "RE: [Full-Disclosure] Culprit Bio: Perfect Storm Averted or Just Ahead?"
- Reply: Frank Knobbe: "RE: [Full-Disclosure] Culprit Bio: Perfect Storm Averted or Just Ahead?"
- Maybe reply: Glenn_Everhart_at_bankone.com: "RE: [Full-Disclosure] Culprit Bio: Perfect Storm Averted or Just Ahead?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: full-disclosure@lists.netsys.com Date: Thu, 29 Jan 2004 10:06:53 -0500
The guy who wrote this virus and/or unleashed it should not be too hard
to track down. One, they are a Forth programmer, old school.
I once met the Guy who invented Forth('83) and was in a seminar where
he talked it up, not too many programmer then, not now. This language is
very compact and powerful allowing a lot of functionality in a compact
environment. There is the CVS tag that mentions Andy. So there is an
association with Andy and Forth. Finally, the person knows communications
programming, old school,
tcp, ports, and sockets not portals etc, probably in assembler or C.
Lastly, this person has a big Ego, so they have probably published on
security, sockets, communications, SMTP, bios and/or forth. This person
knows
the ins and out of many computer architectures UNIX, PC, attacking Bios is
old school int 20 , 21 stuff. Probably really hates Intel, Gates and
MS, 8-> boy that's about everyone on this list. ;->
Anyone with information, a reward is going to be posted.
Regards,
Jan Clairmont
-----Original Message-----
From: Collin R. Mulliner [mailto:collin@betaversion.net]
Sent: Thursday, January 29, 2004 8:48 AM
To: full-disclosure@lists.netsys.com
Subject: Re: [Full-Disclosure] Mydoom: Perfect Storm Averted or Just Ahead?
Hi,
> That'd be an interesting defense. Has anyone tried renaming their
> incoming MX machine so that it includes one of these strings?
I think all email addresses which contain the unwanted strings are filtered
out before asking for the mx host for a specific domain - so this defense
wont work. Everything else would be to slow.
... Collin
-- Collin Mulliner <collin@betaversion.net> BATAVERSiON Systems [www.betaversion.net] fom: To know recursion, you must first know recursion. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
- Previous message: Collin R. Mulliner: "Re: [Full-Disclosure] Mydoom: Perfect Storm Averted or Just Ahead?"
- Next in thread: Henrik Persson: "RE: [Full-Disclosure] Culprit Bio: Perfect Storm Averted or Just Ahead?"
- Reply: Henrik Persson: "RE: [Full-Disclosure] Culprit Bio: Perfect Storm Averted or Just Ahead?"
- Maybe reply: Clairmont, Jan: "RE: [Full-Disclosure] Culprit Bio: Perfect Storm Averted or Just Ahead?"
- Reply: Frank Knobbe: "RE: [Full-Disclosure] Culprit Bio: Perfect Storm Averted or Just Ahead?"
- Maybe reply: Glenn_Everhart_at_bankone.com: "RE: [Full-Disclosure] Culprit Bio: Perfect Storm Averted or Just Ahead?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
