Re: [Full-Disclosure] Ms Update Spoof - W32.gibe - NOTE:VIRUS AT

From: Nick FitzGerald (nick@virus-l.demon.co.uk)
Date: Sat May 24 2003 - 21:08:50 PDT


    A plunger hiding behind the handle "morning_wood" wrote:
    
    > Analysis of "Update880.exe" W32.gibe - Trojan / Worm
    
    "Analysis"??
    
    Nah.
    
    What you did shows multiple levels of stupidity but nothing that 
    passes for "analysis".  Your actions allow others to analyse you to 
    some degree, but do not contribute anything useful to the purposes of 
    this list.
    
    <<snip>>
    > ...  This is a different variant than
    > identified by Symantec in March 2003.  ...
    
    From a quick search of Symantec's web site, it seems that (what 
    Symantec calls) Gibe.C was the only Gibe variant discovered in March, 
    so of course this one is different.  Anyone with two functioning 
    brain cells and a hint of an idea of what they were doing would very 
    quickly work out that this variant is bit-for-bit identical to the 
    standard form of the Gibe.B variant, discovered in February.
    
    Mr "morning_wood" -- next time you want to help like this, please 
    resist the temptation until you've absorbed a few more clues.
    
    Despite what you may think, the list is not a virus distribution 
    channel and the few times others have posted samples previously have 
    resulted in far more folk posting "don't do that" messages than 
    posted "way to go" ones.
    
    Finally, Gibe.B is dead common -- if this is the first sample of it 
    to arrive in your Email then you really are far from the cutting-edge 
    of anything related to computer viruses.  I'd suggest that you would 
    therefore be much better off refraining from making public 
    "contributions" about them and leave that to those who actually 
    understand them and handle them on a regular and informed basis.
    
    
    -- 
    Nick FitzGerald
    Computer Virus Consulting Ltd.
    Ph/FAX: +64 3 3529854
    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html
    



    This archive was generated by hypermail 2b30 : Sat May 24 2003 - 23:11:05 PDT