Re: [Full-Disclosure] EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption

From: Papp Geza (pappgeza_at_tolna.net)
Date: 02/10/04

Next message: iDefense Labs: "iDEFENSESecurityAdvisory02.10.04: XFree86FontInformationFileBufferOverflow"

Previous message: Papp Geza: "Re: [Full-Disclosure] Re: Re: DoomJuice.A, Mydoom.A source code"
In reply to: Marc Maiffret: "[Full-Disclosure] EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption"
Next in thread: Richard M. Smith: "RE: [Full-Disclosure] EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: "Marc Maiffret" <mmaiffret@eeye.com>
Date: Tue, 10 Feb 2004 21:21:54 +0100

Hello Maiffret

2004. február 10., 19:30:47, írtad:
Hello,

Yes - this is two worm, that use the Mydoom backdoor`s. This is not
"binaris" and not is .zip archive.

This twoo worm are hexa. and is padked to UPX. My attachement picture
from worm W32/Doomjuice.worm.a,aliases: W32.HLLW.Doomjuice, WORM_DOOMJUICE.A,
Win32.Doomjuice.A, Worm.Win32.Doomjuice

From second worm i`have not pitures, but description...

The worm is comlex. W32/Deadhat-A
Aliases :
Win32.Vesser.A, W32.HLLW.Deadhat, Vesser, W32/Vesser.worm.a

-- 
Üdvözlettel,
  Geysap                             mailto:pappgeza@tolna.net
www.gyik.com
"VIRUS CORE TEAM"
====================================
Fiat justitia, pereat mundus!
------------------------------------
we protect your digital worlds... 
====================================
-- 
Üdvözlettel,
  Geysap                             mailto:pappgeza@tolna.net
www.gyik.com
"VIRUS CORE TEAM"
====================================
Fiat justitia, pereat mundus!
------------------------------------
we protect your digital worlds... 
====================================
 
 
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Next message: iDefense Labs: "iDEFENSESecurityAdvisory02.10.04: XFree86FontInformationFileBufferOverflow"

Previous message: Papp Geza: "Re: [Full-Disclosure] Re: Re: DoomJuice.A, Mydoom.A source code"
In reply to: Marc Maiffret: "[Full-Disclosure] EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption"
Next in thread: Richard M. Smith: "RE: [Full-Disclosure] EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: Whats up with Zone Alarm?
... I have a good idea how the worm entered your system!!! ... | the Red Worm attack and it did not stop it. ... | things to protect her machine, ... |> what will protect you from that, not your firewall. ...
(comp.security.firewalls)
Re: Problem connecting to Internet - IP address 169.254.162.104
... >bit safer when posting to open forums. ... anybody foolish enough to post their email address on Usenet will soon get ... mass mailing worms, will get email with the next worm attached. ... And those of us who can protect ourselves, but encourage the clueless to expose ...
(microsoft.public.windowsxp.help_and_support)
How did my system get infected with a Trojan?
... I run a Windows XP SP2 system at our site that I use as a honeypot of sorts ... to help me better determine how to protect our site from intrusions. ... the security best practices as suggested by Microsoft as best I can. ... the worm was able to install itself as a service ...
(microsoft.public.windows.server.security)
Re: Virus problem
... Looks like you've been infected by a worm could be the one describe here ... to protect yourself check out these two links ... Vern ... > Goodafternoon out there in computer land, ...
(microsoft.public.win2000.applications)
Re: Infected with Sasser worm, Mitigation steps dont work
... Bazooka Adware and Spyware Scanner 1.12 ... Protect your PC! ... Should I go ahead and install the patch, even though the worm may still be on my computer? ...
(microsoft.public.windowsxp.security_admin)