RE: [Full-Disclosure] MyDoom.b samples taken down
From: first last (randnut_at_hotmail.com)
Date: 02/02/04
- Previous message: Paul Schmehl: "Re: [Full-Disclosure] MyDoom.b samples taken down"
- Maybe in reply to: Mike: "RE: [Full-Disclosure] MyDoom.b samples taken down"
- Next in thread: Bill Royds: "RE: [Full-Disclosure] MyDoom.b samples taken down"
- Reply: Bill Royds: "RE: [Full-Disclosure] MyDoom.b samples taken down"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: full-disclosure@lists.netsys.com Date: Mon, 02 Feb 2004 01:15:04 +0000
>Just because some AV developers did not rush for the publicity
>spotlight <snip>
Come on. As soon as an AV company discovers something new they tell the
press. They love free advertising. Thus we know that the finns @ F-Secure
(if I'm not mistaken) were the first ones who found the IP addresses in the
Sobig.F virus. It took them 2 days instead of a few minutes had they just
dumped the memory of the virus while it was running and disassembled it.
> > I never analyzed the MyDoom.A or the MyDoom.B worms because I know the
> > anti-virus companies already did that the very same day they got the
>virus.
> > But from what I've read, the email sent by MyDoom.B is exactly the same
>one
> > sent by MyDoom.A. No wonder MyDoom.B never succeeded in infecting more
> > machines. Even if someone on this list mistakenly got infected by the
>copy
> > and sent out the virus to other people it's not going to make it any
>more
> > successful than it is because it looks exactly like MyDoom.A in your
>inbox.
>
>And what made Mydoom.A _so_ successful?
>
>There is always an element of what, for a better term, the experts
>refer to as "luck". Technically identical mass mailers suceed and fail
>more or less randomly (of course, you don't see the hoards of entirely
>uncessful ones we do, so you wouldn't know this. Mydoom.B has more
>chance of striking it lucky the more people run it, simply because of
This is not a case of technically similar viruses, this is a case of a two
different (related) viruses using the _exact_ same email message to spread
its executable code. The probabiltiy that a user clicks a MyDoom.A
attachment is the exact same probability that the same user clicks a
MyDoom.B attachment. The probability that a user clicks a MyDoom attachment
may not be (most likely is not) the same as the probability that the same
user clicks some other virus' attachment. So for MyDoom.B to be successful,
it would have to get rid of all MyDoom.A emails or use a different email
message.
_________________________________________________________________
Check out the coupons and bargains on MSN Offers!
http://shopping.msn.com/softcontent/softcontent.aspx?scmId=1418
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Previous message: Paul Schmehl: "Re: [Full-Disclosure] MyDoom.b samples taken down"
- Maybe in reply to: Mike: "RE: [Full-Disclosure] MyDoom.b samples taken down"
- Next in thread: Bill Royds: "RE: [Full-Disclosure] MyDoom.b samples taken down"
- Reply: Bill Royds: "RE: [Full-Disclosure] MyDoom.b samples taken down"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
