Re: information and reverse engineering bits of the Mydoom worm

From: Tim H. (tekphobia_at_comcast.net)
Date: 01/29/04


Date: Thu, 29 Jan 2004 00:07:34 GMT


"Markus Zingg" <m.zingg@nct.ch> wrote in message
news:agte105ttd32kvot0lqvlouvhb0esln773@4ax.com...
> >We release it for the purpose of assisting sysadmins and security
> >researchers by making the information available publicly.
> >
> >You can find the digest at: http://www.math.org.il/newworm-digest1.txt.
>
> Thanks for sharing this information. I do have two comments though:
>
> - What's listed under "The possible subjects:" unfortunately is not
> the subject but the message body.
>
> - I then also found variants of it which don't have any of these text
> strings but what appears to be a chunk of garbage data. Do you have
> more information on this?

Do you mean this?

TRG / UGGC/1.1\r\nUbfg: jjj.fpb.pbz\r\n\r\n

which translates to:

GET / HTTP/1.1\r\nHost: www.sco.com\r\n\r\n

-Tun

>
> Markus
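
The decoding shown in the reply above is ROT13, which rotates letters only and leaves digits, punctuation and the CR/LF bytes untouched. As an added example (not part of the original post or of the digest it discusses), the sketch below generalizes that single string to a triage helper that scans a buffer for printable runs which become an HTTP request once ROT13-decoded. The function names and the sample buffer are assumptions constructed for illustration; only the encoded string itself comes from the post.

```python
import codecs
import re

# Runs of printable ASCII (CR/LF included) at least 8 bytes long.
PRINTABLE = re.compile(rb"[\x20-\x7e\r\n]{8,}")

# Plaintext shapes to look for after a candidate run has been decoded.
HTTP_REQUEST = re.compile(r"(?:GET|POST|HEAD) \S+ HTTP/1\.[01]\r\n")
HOST_HEADER = re.compile(r"^Host: ([A-Za-z0-9.-]+)\r?$", re.M)


def rot13(text):
    """Rotate A-Z/a-z by 13 places; every other character passes through."""
    return codecs.encode(text, "rot_13")


def find_rot13_http(blob):
    """Return (offset, decoded_request, host) for each printable run in
    blob that contains an HTTP request only after ROT13 decoding."""
    hits = []
    for run in PRINTABLE.finditer(blob):
        decoded = rot13(run.group().decode("ascii"))
        req = HTTP_REQUEST.search(decoded)
        if req is None:
            continue
        host = HOST_HEADER.search(decoded)
        hits.append((
            run.start() + req.start(),       # byte offset inside blob
            decoded[req.start():],           # request as it would be sent
            host.group(1) if host else None  # target named in Host header
        ))
    return hits


# Constructed buffer: filler bytes, the encoded string quoted in the post
# (with real CR/LF bytes), and an unrelated printable run as a decoy.
SAMPLE = (
    b"\x00\x01\x02\x03"
    + b"TRG / UGGC/1.1\r\nUbfg: jjj.fpb.pbz\r\n\r\n"
    + b"\x00\xff"
    + b"ordinary string in the binary\x00"
)

if __name__ == "__main__":
    for offset, request, host in find_rot13_http(SAMPLE):
        print(f"offset {offset}: host={host} request={request!r}")
```

A request stored in plaintext is not reported, because its ROT13 form no longer matches the request pattern.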


