Martin wrote:
> It was somehow funny. The most annoying thing about it is that you
> get about 30 bounce mails from the people who use automatic virus
> scanners. You should switch the bounce-mails off for mailing lists,
> IMO.
sender notification is no bloody use anyhow. What was the last virus th
Am Thu, den 12.02.2004 schrieb CHS um 09:28:
> wow, has ALL of cisco been 0wned?
Calm down, it's just a faked "From:"-header. Someone posted
an email with my address, too. Look here:
http://lists.netsys.com/pipermail/full-disclosure/2004-February/016738.html
And he even tried to fake a bounce-mai
- Original Message -
From: "CHS" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Thursday, February 12, 2004 8:28 AM
Subject: Re: [Full-Disclosure] HELLO
>
> wow, has ALL of cisco been 0wned?
>
> am I the only one who se
wow, has ALL of cisco been 0wned?
am I the only one who sees just how absolutely fscking hilarious this is??
-- http://www.23.org/~chs/ -- AIM/AOL: bdsmchs
-
"Among the many misdeeds of the British rule in India, hi
<>
> why r u guys still entertaining this clown? he created this juari acct
> yest just to screw w/ ppl:
It really calms me to see that someone finally says something to this pretty
obvious lark. Someone had an outburst of gobbles-style humour here and you
folks gleefully swallowed the bait.
I, for
why r u guys still entertaining this clown? he created this juari acct
yest just to screw w/ ppl:
Juari Bosnikovich <[EMAIL PROTECTED]>
(from m-net.arbornet.org, is a public acess unix box in maine)
Login: juarib Name: Juari Bosnikovich
Directory: /home/guest/juarib
When I disassembled the virus I found new information that haven't came up
anywhere else to this time.
Here is the information that is beleived...
1. use restricted usernames to send email to and from
2. encode strings with ROT13 method
3. create a mutex called 'SwebSipcSmtxSO' when ran
4. transf
At 05:39 PM 1/28/2004 -0500, Juari Bosnikovich wrote:
It was also unknown that the virus infects the BIOS of the computer it
infects by injecting a 624bytes backdoor written in FORTH which will open
port tcp when Mydoom will be executed AFTER febuary 12.
Nice analysis, Juari. Thanks.
m5x
__
. That 10
minutes was unfortunately much to long.
-Jeremy-
-Original Message-
From: Gregh
To: Todd Burroughs
Cc: Jeremy Yowell; [EMAIL PROTECTED]
Sent: 1/27/2004 5:26 AM
Subject: Re: [Full-Disclosure] hello
- Original Message -
From: "Todd Burroughs" <[EMAIL
I was having problems believing anyone on the list WOULD be infected.
Greg.
Makes you smile, really. Dreaming of thousands of script-kiddies get
infected by executing the "infection" sent to the list.
I guess that's just a funny thought though, it isn't really fun for
*anybody*, and as we saw b
[EMAIL PROTECTED];
[EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] hello
> I was having problems believing anyone on the list WOULD be infected.
>
> Greg.
Makes you smile, really. Dreaming of thousands of script-kiddies get
infected by executing the "infection" sent to th
Mail transaction failed. Partial message is available.
message.zip
Description: Binary data
- Original Message -
From: "Todd Burroughs" <[EMAIL PROTECTED]>
To: "Gregh" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Tuesday, January 27, 2004 5:10 PM
Subject: Re: [Full-Disclosure] hello
> This is an unmode
ary 27, 2004 1:32 PM
> Subject: [Full-Disclosure] hello
>
>
>
> .would there be a reason the list resends a worm like this?
> Mydoom isn't exactly what I wanted.
>
> Just out of interest, I realise many people want to receive
> viruses/worms/trojans so would th
- Original Message -
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, January 27, 2004 1:32 PM
Subject: [Full-Disclosure] hello
.would there be a reason the list resends a worm like this?
Mydoom isn't exactly what I wanted.
Just out of in
file.pif
Description: Binary data
17 matches
Mail list logo