RE: [Full-Disclosure] MyDoom.b samples taken down

From: first last (
Date: 02/01/04

  • Next message: Diego Calleja: "Re: [Full-Disclosure] MyDoom.B"
    Date: Sun, 01 Feb 2004 15:17:45 +0000

    Nick FitzGerald wrote mostly crap:

    Nick, you being the virus expert and all, how come it took you and your
    fellow virus experts two days to "decrypt" (i.e., unpack) the
    tElock-protected Sobig.F virus a couple of months ago? It appears that your
    awesome skill of being able to unpack UPX scrambler protected programs such
    as MyDoom.B couldn't help you back then. So what any smart virus author
    needs to do to stop these self-proclaimed virus experts is to use tElock or
    any other non-UPX protector to protect their viruses from being analyzed by
    virus "experts". That will buy the virus author 2+ days of time.

    >No -- that's what happens when you actually have half a clue about the huge
    >_further_ damage such things can do if actually successfully distributed.
    >Mydoom.B has largely _not_ taken off, but all it probably needs is a touch
    >of the usual "luck" which is all that distinguishes most successful
    >mass-mailers from the huge numbers of unsuccessful ones lamers, like those
    >on this list clamouring to get a Mydoom.B sample, never see.

    I never analyzed the MyDoom.A or the MyDoom.B worms because I know the
    anti-virus companies already did that the very same day they got the virus.
    But from what I've read, the email sent by MyDoom.B is exactly the same one
    sent by MyDoom.A. No wonder MyDoom.B never succeeded in infecting more
    machines. Even if someone on this list mistakenly got infected by the copy
    and sent out the virus to other people it's not going to make it any more
    successful than it is because it looks exactly like MyDoom.A in your inbox.

    >I know most of you will not believe this because you so stupid you

    You so smart Nick. Self-proclaimed virus experts like yourself should go
    back to your internal virus mailing lists. Or did they kick you out?

    >And save me the almost inevitable full-disclosure mantra BS replies! I
    >really do not want to hear your ignorance rephrased that way, again -- at
    >least walk the walk before you try to talk the talk...

    If you don't want to read what people have to say, don't post to this list.

    Scope out the new MSN Plus Internet Software optimizes dial-up to the max!

    Full-Disclosure - We believe in it.

  • Next message: Diego Calleja: "Re: [Full-Disclosure] MyDoom.B"