This element as the body of the virus' message is a distinguishing element: >sendmail daemon reported: >Error #804 occured during SMTP session. Partial message has been >received. Jimmy -----Original Message----- From: Seth Arnold To: ''''Crime List' ' ' ' Sent: 1/28/04 12:58 PM Subject: Re: CRIME RE: New one, .B, was: New virus alert: Mydoom!!! On Wed, Jan 28, 2004 at 12:18:28PM -0800, Kuo, Jimmy wrote: > So, if you actually see the .B variant, I would love to know (and send > me a sample for confirmation, please). > http://vil.nai.com/vil/content/v_100988.htm The variations listed on this page are: # contains its own SMTP engine to construct outgoing messages # contains a peer to peer propagation routine # contains a Denial of Service payload # overwrites the local hosts file on the victim machine # contains a backdoor component Is there anything externally visible to us non-windows-users to help determine .B from .A? (Or would it be easier to just send you the 108 virii i've accumulated recently, and let your engine sort them out?) Thanks -- Immunix Secured Linux Distribution: http://immunix.org/
This archive was generated by hypermail 2b30 : Wed Jan 28 2004 - 15:48:28 PST