Re: CRIME RE: New one, .B, was: New virus alert: Mydoom!!!

From: Seth Arnold (sarnold@private)
Date: Wed Jan 28 2004 - 12:58:41 PST

Next message: Kuo, Jimmy: "RE: CRIME RE: New one, .B, was: New virus alert: Mydoom!!!"

Previous message: Kuo, Jimmy: "CRIME RE: New one, .B, was: New virus alert: Mydoom!!!"
In reply to: Kuo, Jimmy: "CRIME RE: New one, .B, was: New virus alert: Mydoom!!!"
Next in thread: Kuo, Jimmy: "RE: CRIME RE: New one, .B, was: New virus alert: Mydoom!!!"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Jan 28, 2004 at 12:18:28PM -0800, Kuo, Jimmy wrote:
> So, if you actually see the .B variant, I would love to know (and send
> me a sample for confirmation, please).
> http://vil.nai.com/vil/content/v_100988.htm

The variations listed on this page are:
  # contains its own SMTP engine to construct outgoing messages
  # contains a peer to peer propagation routine
  # contains a Denial of Service payload
  # overwrites the local hosts file on the victim machine
  # contains a backdoor component

Is there anything externally visible to us non-windows-users to help
determine .B from .A? (Or would it be easier to just send you the 108
virii i've accumulated recently, and let your engine sort them out?)

Thanks

-- 
Immunix Secured Linux Distribution: http://immunix.org/

application/pgp-signature attachment: stored

Next message: Kuo, Jimmy: "RE: CRIME RE: New one, .B, was: New virus alert: Mydoom!!!"
Previous message: Kuo, Jimmy: "CRIME RE: New one, .B, was: New virus alert: Mydoom!!!"
In reply to: Kuo, Jimmy: "CRIME RE: New one, .B, was: New virus alert: Mydoom!!!"
Next in thread: Kuo, Jimmy: "RE: CRIME RE: New one, .B, was: New virus alert: Mydoom!!!"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Jan 28 2004 - 14:11:29 PST