RE: CRIME RE: New one, .B, was: New virus alert: Mydoom!!!

From: Kuo, Jimmy (Jimmy_Kuo@private)
Date: Wed Jan 28 2004 - 14:41:28 PST

    This element as the body of the virus' message is a distinguishing element:
    
    >sendmail daemon reported:
    >Error #804 occured during SMTP session. Partial message has been received.
    
    
    Jimmy
    
    -----Original Message-----
    From: Seth Arnold
    To: 'Crime List'
    Sent: 1/28/04 12:58 PM
    Subject: Re: CRIME RE: New one, .B, was: New virus alert: Mydoom!!!
    
    On Wed, Jan 28, 2004 at 12:18:28PM -0800, Kuo, Jimmy wrote:
    > So, if you actually see the .B variant, I would love to know (and send
    > me a sample for confirmation, please).
    > http://vil.nai.com/vil/content/v_100988.htm
    
    The variations listed on this page are:
      # contains its own SMTP engine to construct outgoing messages
      # contains a peer to peer propagation routine
      # contains a Denial of Service payload
      # overwrites the local hosts file on the victim machine
      # contains a backdoor component
    
    Is there anything externally visible to us non-windows-users to help
    determine .B from .A? (Or would it be easier to just send you the 108
    virii I've accumulated recently, and let your engine sort them out?)
    
    Thanks
    
    -- 
    Immunix Secured Linux Distribution: http://immunix.org/
    



    This archive was generated by hypermail 2b30 : Wed Jan 28 2004 - 15:48:28 PST