RE: [Full-Disclosure] MyDoom download info
From: first last (randnut_at_hotmail.com)
Date: 01/31/04
- Previous message: Steve Wray: "RE: [Full-Disclosure] MyDoom download info"
- Maybe in reply to: Daniel Spisak: "[Full-Disclosure] MyDoom download info"
- Next in thread: Puneet Arora: "Re: [Full-Disclosure] MyDoom download info"
- Reply: Puneet Arora: "Re: [Full-Disclosure] MyDoom download info"
To: full-disclosure@lists.netsys.com
Date: Sat, 31 Jan 2004 00:28:44 +0000
> > to successfully unpack the program. All they really needed to
> > do was dump it from memory while it was running and they could've analyzed
> > it immediately with any disassembler.
>
>Forgive me, I am no assembly hacker nor much of a programmer,
>but would it be possible for a program to 'react' in some way
>were one to try to dump it from memory?
The program would have to use a device driver to protect itself from
being dumped from memory to disk. But there are ways around that as well.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html