RE: [Full-Disclosure] MyDoom.b samples taken down

From: first last (randnut_at_hotmail.com)
Date: 02/01/04

    To: full-disclosure@lists.netsys.com
    Date: Sun, 01 Feb 2004 15:17:45 +0000
    
    

    Nick FitzGerald wrote mostly crap:
    ><snip>

    Nick, you being the virus expert and all, how come it took you and your
    fellow virus experts two days to "decrypt" (i.e., unpack) the
    tElock-protected Sobig.F virus a couple of months ago? It appears that your
    awesome skill of being able to unpack UPX scrambler protected programs such
    as MyDoom.B couldn't help you back then. So what any smart virus author
    needs to do to stop these self-proclaimed virus experts is to use tElock or
    any other non-UPX protector to protect their viruses from being analyzed by
    virus "experts". That will buy the virus author 2+ days of time.

    >No -- that's what happens when you actually have half a clue about the huge
    >_further_ damage such things can do if actually successfully distributed.
    >Mydoom.B has largely _not_ taken off, but all it probably needs is a touch
    >of the usual "luck" which is all that distinguishes most successful
    >mass-mailers from the huge numbers of unsuccessful ones lamers, like those
    >on this list clamouring to get a Mydoom.B sample, never see.

    I never analyzed the MyDoom.A or the MyDoom.B worms because I know the
    anti-virus companies already did that the very same day they got the virus.
    But from what I've read, the email sent by MyDoom.B is exactly the same one
    sent by MyDoom.A. No wonder MyDoom.B never succeeded in infecting more
    machines. Even if someone on this list mistakenly got infected by the copy
    and sent out the virus to other people it's not going to make it any more
    successful than it is because it looks exactly like MyDoom.A in your inbox.

    >I know most of you will not believe this because you so stupid you

    You so smart Nick. Self-proclaimed virus experts like yourself should go
    back to your internal virus mailing lists. Or did they kick you out?

    >And save me the almost inevitable full-disclosure mantra BS replies! I
    >really do not want to hear your ignorance rephrased that way, again -- at
    >least walk the walk before you try to talk the talk...

    If you don't want to read what people have to say, don't post to this list.


    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

