Re: lug-bg: mydoom ?
On Saturday 31 January 2004 02:40, raptor wrote:
> I have blocked the attachments that are .exe /and similar/, but I read that
> it zips itself..

It zips itself, definitely. The zip contains only 1 file - .exe/.scr/... - which is the actual virus. ex:

--- cut ---
| Subject: No Subject
| From:
| To:
| Date: 2004-01-29 09:22:39 +0200
| --
| The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment.
|
| [Attachment: body.zip]
--- cut ---

body.zip - 22642 bytes
body.zip->body.scr - 22528 bytes

After a quick look it turns out that it simply sticks some zip "header" on the front + something of its own at the back and does not really compress /I had just got alarmed that, besides the legend about the BIOS flasher, it has a .zip engine in it too ;)/ - ex:

--- cut ---
| [EMAIL PROTECTED] mr700]$ unzip body.zip
| Archive: body.zip
| extracting: body.scr
| [EMAIL PROTECTED] mr700]$ dd if=body.zip of=body.scr.test bs=1 skip=38 count=22528
| 22528+0 records in
| 22528+0 records out
| [EMAIL PROTECTED] mr700]$ diff body.scr.test body.scr
| [EMAIL PROTECTED] mr700]$ _
--- cut ---

i.e. as far as having one goes, it does have one, but :)

--
Regards,
Doncho N. Gunchev
GPG-Key-ID: 1024D/DA454F79
Key fingerprint = 684F 688B C508 C609 0371 5E0F A089 CB15 DA45 4F79

A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers).
http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora
To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
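
The check done by hand with unzip and dd in the message above, as an added example that is not part of the original post: it reads the ZIP local file header, reports whether the entry is stored uncompressed and where its bytes begin, and flags an executable extension the way an attachment filter would. The function names, the extension list and the sample archive (zero bytes of the same length as body.scr) are constructed for illustration.

```python
import io
import struct
import zipfile

# Assumed blocklist for illustration; the thread names .exe and .scr.
BLOCKED_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")
LOCAL_HEADER = struct.Struct("<4sHHHHHIIIHH")  # fixed 30-byte local file header


def first_entry(data):
    """Parse the first local file header of a ZIP held in memory."""
    if len(data) < LOCAL_HEADER.size:
        raise ValueError("too short for a ZIP local file header")
    (sig, _ver, _flags, method, _time, _date, _crc,
     csize, usize, name_len, extra_len) = LOCAL_HEADER.unpack_from(data, 0)
    if sig != b"PK\x03\x04":
        raise ValueError("no ZIP local file header at offset 0")
    name_end = LOCAL_HEADER.size + name_len
    return {
        "name": data[LOCAL_HEADER.size:name_end].decode("cp437"),
        "stored": method == 0,              # 0 = stored, 8 = deflate
        "data_offset": name_end + extra_len,
        "compressed_size": csize,
        "size": usize,
    }


def should_block(data):
    """True if the first entry carries a blocked extension."""
    return first_entry(data)["name"].lower().endswith(BLOCKED_EXT)


def build_sample(payload, name="body.scr"):
    """Constructed stand-in for the attachment: one stored entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr(zipfile.ZipInfo(name), payload)
    return buf.getvalue()


if __name__ == "__main__":
    payload = b"\x00" * 22528               # inert bytes, same length as body.scr
    sample = build_sample(payload)
    entry = first_entry(sample)
    print(entry, "block:", should_block(sample))
    # Same slice as the dd command: skip the header, read `size` bytes.
    start = entry["data_offset"]
    print(sample[start:start + entry["size"]] == payload)
```

With an 8-byte file name and no extra field the data starts at 30 + 8 = 38, the value passed to dd as skip.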
Re: lug-bg: mydoom ?
Hmm, as for me, I put in the badrcptto patch (hmph, I don't know much about merging patches, but in the end I cobbled it together so it works alongside qmail-qregex) and I'm building a database of the accounts it sends to, so that I can stop them before it has even reached vpopmail...

raptor writes:
> hey, are you ready for mydoom... what measures are you taking... share..
> I have blocked the attachments that are .exe /and similar/, but I read that it zips itself..
> You can also use this: iptables -p tcp --dport 3127 -j DROP
>
> As part of its normal operation, the worm sends out packets to port 3127 at random IP addresses. The purpose of these packets is to locate systems infected with W32/[EMAIL PROTECTED] . If it makes contact with such a system, the worm then transmits a copy of itself to the second system where it is then executed by W32/[EMAIL PROTECTED] . When the second system is next restarted, it then becomes infected with W32/[EMAIL PROTECTED] instead of the original W32/[EMAIL PROTECTED] .
>
> as a last resort, access to sco.com can be blocked, who even goes there anyway..:") the modification will apparently attack microsoft.com too, and there it's already bad because that is a site people use...

WWell by Iassen Anadoliev (aka korio)
lug-bg: mydoom?
hmm, bad,

When a computer is infected, the worm will set up a backdoor into the system by opening TCP ports 3127 through 3198, which can potentially allow an attacker to connect to the computer and use it as a proxy to gain access to its network resources.
lug-bg: mydoom ?
hey, are you ready for mydoom... what measures are you taking... share..

I have blocked the attachments that are .exe /and similar/, but I read that it zips itself..

You can also use this: iptables -p tcp --dport 3127 -j DROP

As part of its normal operation, the worm sends out packets to port 3127 at random IP addresses. The purpose of these packets is to locate systems infected with W32/[EMAIL PROTECTED] . If it makes contact with such a system, the worm then transmits a copy of itself to the second system where it is then executed by W32/[EMAIL PROTECTED] . When the second system is next restarted, it then becomes infected with W32/[EMAIL PROTECTED] instead of the original W32/[EMAIL PROTECTED] .

as a last resort, access to sco.com can be blocked, who even goes there anyway..:") the modification will apparently attack microsoft.com too, and there it's already bad because that is a site people use...