Re: information and reverse engineering bits of the Mydoom worm
From: Tim H. (tekphobia_at_comcast.net)
Date: 01/29/04
- Next message: J. M. L.: "Public/Private network split."
- Previous message: Tim H.: "Re: information and reverse engineering bits of the Mydoom worm"
- In reply to: Tim H.: "Re: information and reverse engineering bits of the Mydoom worm"
- Next in thread: Felix Tilley: "Re: information and reverse engineering bits of the Mydoom worm"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 29 Jan 2004 00:12:53 GMT
"Tim H." <tekphobia@comcast.net> wrote in message
news:a9YRb.134774$sv6.716535@attbi_s52...
>
>
> Do you mean this?
>
> TRG / UGGC/1.1\r\nUbfg: jjj.fpb.pbz\r\n\r\n
>
> which translates to:
>
> GET / HTTP/1.1\r\nHost: www.sco.com\r\n\r\n
Oooo!! Interesting! I believe their "encryption" routine starts at offset
004A465E which calls offset 004A45E3. Can't figure out why it was done like
that though...
-Tim
>
> -Tim
>
> >
> > Markus
>
>
- Next message: J. M. L.: "Public/Private network split."
- Previous message: Tim H.: "Re: information and reverse engineering bits of the Mydoom worm"
- In reply to: Tim H.: "Re: information and reverse engineering bits of the Mydoom worm"
- Next in thread: Felix Tilley: "Re: information and reverse engineering bits of the Mydoom worm"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
