Re: information and reverse engineering bits of the Mydoom worm
From: Felix Tilley (ftilley_at_localhost.localdomain)
Date: 01/29/04
- Previous message: RXP: "Re: Question for someone CISSP certified."
- In reply to: Tim H.: "Re: information and reverse engineering bits of the Mydoom worm"
- Next in thread: Markus Zingg: "Re: information and reverse engineering bits of the Mydoom worm"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 28 Jan 2004 19:48:29 -0700
In article <a9YRb.134774$sv6.716535@attbi_s52>, Wed, 28 Jan 2004 17:07:34
-0700, "Tim H." <tekphobia@comcast.net> wrote:
>> - I then also found variants of it which don't have any of these text
>> strings but what apears to be a chunk of garbabe data. Do you have more
>> information on this?
>
> Do you mean this?
>
> TRG / UGGC/1.1\r\nUbfg: jjj.fpb.pbz\r\n\r\n
>
> which translates to:
>
> GET / HTTP/1.1\r\nHost: www.sco.com\r\n\r\n
>
> -Tun
>
Which translates to a DDoS on www.sco.com. You can read up on this at
www.sans.org or other security sites.
-- Felix Tilley Rank: Capt Fanatic Lartvocate FL# 555-LART
- Previous message: RXP: "Re: Question for someone CISSP certified."
- In reply to: Tim H.: "Re: information and reverse engineering bits of the Mydoom worm"
- Next in thread: Markus Zingg: "Re: information and reverse engineering bits of the Mydoom worm"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
