> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of
> Bill Royds
[snip]
> To amateur "virus researchers", unless you have a "Clean
> room" to test the virus (a completely isolated computer network with
the
> ability to catch all possible traffic and machine state changes), you
ha
I think it is purely social engineering, there is nothing special about
this malware, it is pretty common now. What it seems to have done
different is that it made Windows users see an icon that looked like a
text file, one that they have been trained to accept as "safe"
I think that there's a go
Oh crap.
For the pedantic;
ok ok, wireless networking is out too, ok?
I wrote:
[snip]
> The ability of nasties to get from the clean room to machines
> on your LAN or the internet should be limited to the capacitance
> of thin air. No wires.
___
Full
Bill
You make some good points, but as to your comment that "Mydoom.B was not
as successful as mMydoom.A because people had already been warned about
clicking on messages with that format. It has nothing to do with the
lethality of the virus. What makes a virus dangerous today is much less
the
On Sun, 01 Feb 2004 22:53:59 EST, Bill Royds <[EMAIL PROTECTED]> said:
> Mydoom.B was not as successful as mMydoom.A because people had already been
> warned about clicking on messages with that format. It has nothing to do
> with the lethality of the virus. What makes a virus dangerous today is m
f
finding something new before you re-infect the Internet with the virus.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of first last
Sent: February 1, 2004 8:15 PM
To: [EMAIL PROTECTED]
Subject: RE: [Full-Disclosure] MyDoom.b samples taken down
>Just b
Paul Schmehl <[EMAIL PROTECTED]> wrote:
> ... The AV
> industry is not mono-lithic and there are many internal disagreements that
> the public are never privy to.
Shal we agree on "seldom" rather than "never"?
Oh, and now you've told them we'll have to shoot you... 8-)
Regards,
Nick FitzGe
[EMAIL PROTECTED] wrote:
> > Then how do you explain F-Prot's recent article condemning other AV
> > companies for doing the "spamvertising" you complain about? The AV
> > industry is not mono-lithic and there are many internal disagreements
> > that the public are never privy to.
>
> One compan
--On Sunday, February 1, 2004 7:45 PM -0500 [EMAIL PROTECTED] wrote:
On Mon, 02 Feb 2004 11:45:47 +1300, Nick FitzGerald
<[EMAIL PROTECTED]> said:
If anything, *not* fueling the problem to ensure you have a job would be
so out-of-character for the A/V industry that you'd probably be shunned
as a
;
Please flame me off-list, full-disclosure doesn't mean you have to post
your every thought to the public list.
Cheers,
Brad
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Sent: Monday, February 02, 2004 11:34 AM
> To: Paul Schmehl
> Cc: [E
On Sun, 01 Feb 2004 19:17:01 CST, Paul Schmehl <[EMAIL PROTECTED]> said:
> Then how do you explain F-Prot's recent article condemning other AV
> companies for doing the "spamvertising" you complain about? The AV
> industry is not mono-lithic and there are many internal disagreements that
> th
[EMAIL PROTECTED] wrote:
> > You wouldn't want us to be seen to "fuelling the problem" to ensure we
> > have a job would you??
>
> You're talking about an industry that sees fit to make the problem 3 to 4
> times worse by sending advertising spam (a.k.a "a virus was detected" notices)
> back to
Just because some AV developers did not rush for the publicity
spotlight
Come on. As soon as an AV company discovers something new they tell the
press. They love free advertising. Thus we know that the finns @ F-Secure
(if I'm not mistaken) were the first ones who found the IP addresses in the
On Mon, 02 Feb 2004 11:45:47 +1300, Nick FitzGerald <[EMAIL PROTECTED]> said:
> You wouldn't want us to be seen to "fuelling the problem" to ensure we
> have a job would you??
You're talking about an industry that sees fit to make the problem 3 to 4
times worse by sending advertising spam (a.k.
Kurt Weiske <[EMAIL PROTECTED]> wrote:
> > I know most of you will not believe this because you so stupid you
> > already believe that live virus samples are _just_ information and
> > therefore _should_ be subject to "full disclosure" (this is a special
> > form of ignorance that very little e
Ed Carp <[EMAIL PROTECTED]> wrote:
> This is just so arrogant as to be unreal. ...
First, I take it you don't me that well...
Second, therefore I take it that you support increasing the spread of
viruses through encouraging inexpert fools to just have at it with
virus binaries...
Repeating y
"first last" <[EMAIL PROTECTED]> wrote:
> Nick, you being the virus expert and all, how come it took you and your
> fellow virus experts two days to "decrypt" (i.e., unpack) the
> tElock-protected Sobig.F virus a couple of months ago? ...
You being so smart and all, how you still haven't worke
Diego Calleja wrote:
possible. Posting the virus to a URL on this list means it ends up on
the web archive which means it shows up in Google which means any Tom,
Dick, or Jane can download the live virus. So if you wish to help
I their also turd is progressed dozens of several dozens of in
Nick FitzGerald wrote mostly crap:
Nick, you being the virus expert and all, how come it took you and your
fellow virus experts two days to "decrypt" (i.e., unpack) the
tElock-protected Sobig.F virus a couple of months ago? It appears that your
awesome skill of being able to unpack UPX scramble
El Sat, 31 Jan 2004 16:37:05 -0800 Daniel Spisak <[EMAIL PROTECTED]> escribió:
> possible. Posting the virus to a URL on this list means it ends up on
> the web archive which means it shows up in Google which means any Tom,
> Dick, or Jane can download the live virus. So if you wish to help
I
>
> Nick FitzGerald wrote:
>
> > And save me the almost inevitable full-disclosure mantra
> BS replies!
>
> > ___
> > Full-Disclosure - We believe in it.
> > Charter:
> http://lists.netsys.com/full-disclosure-charter.html
>
> heh.
>
>
Nick FitzGerald wrote:
And save me the almost inevitable full-disclosure mantra BS replies!
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
heh.
___
Ful
On Sun, 1 Feb 2004, Nick FitzGerald wrote:
> of it will "escape" (we see this often). And you want to subject the
> world to that threat because you want to spend hours and hours doing
> what has been done "well enough" in multiple professional security
> company labs for them to ship detection a
Nick FitzGerald wrote:
I know most of you will not believe this because you so stupid you
already believe that live virus samples are _just_ information and
therefore _should_ be subject to "full disclosure" (this is a special
form of ignorance that very little empirical evidence seems able to
Kurt Weiske <[EMAIL PROTECTED]> wrote:
> Daniel and Mike, thanks for making those files available for those of us
> who wish to research this virus firsthand, instead of relying on
> (sometimes) wildly innacurate media and "expert" reporting.
>
> Shame on McAfee for succeeding in intimidating a
Mike wrote:
That's unbelievable and incredibly lame of McAfee!!
Are we supposed to sit and wait for our free copies to be delivered to us by
the very people we are trying to stop from getting infected???
Daniel and Mike, thanks for making those files available for those of us
who wish to research
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Saturday 31 January 2004 16:37, Daniel Spisak wrote:
> Look, apparently this is not the list for me to be on. All I was trying
> to do at first was find B to analyze. Then I tried to provide it to
> people via email but that quickly escalated past w
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Look, apparently this is not the list for me to be on. All I was trying
to do at first was find B to analyze. Then I tried to provide it to
people via email but that quickly escalated past what I could
personally handle by myself. Then I gave the UR
On Sun, 2004-02-01 at 06:08, Mike wrote:
> I have copied the files to the following locations:
> http://homepages.ihug.co.nz/~mjcarter/virus/MyDoomA.exe
> http://homepages.ihug.co.nz/~mjcarter/virus/MyDoomB.exe
And so the virus spreads again. and by means not anticipated by its
author... Spre
arter/virus/MyDoomA.exe
http://homepages.ihug.co.nz/~mjcarter/virus/MyDoomB.exe
Mike
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Daniel
Spisak
Sent: Sunday, February 01, 2004 10:38 AM
To: [Full Disclosure]
Subject: [Full-Disclosure] MyDoom.b samples taken
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I have been asked by McAfee to take down my copy of MyDoom.B as they
have insinuated that I am now responsible for this virus spreading.
Sorry guys, I tried to help people out here but it would seem greater
powers are at work here. Don't email me as
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
If anyone on the list was looking for a live copy of the MyDoom.B virus
to analyze like I was I've finally managed to come across a copy of it.
If you need it email me, thanks!
Daniel E. Spisak
Security Engineer
OnlineSecurity
www.onlinesecurity.com
Not much is known about the differences from the original
version right now.
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
hey all:
Has anyone seen the new Mydoom variant? If so, could someone forward a
new copy to this address? I doesn't look like this one will be too bad,
but it never hurts to be prepared!
-cheers
Andrew
___
Full-Disclosure - We believe in it.
Charter
34 matches
Mail list logo