Full Disclosure mailing list archives
RE: W32.novarg.a - Highly distributed mass mailer
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Tue, 27 Jan 2004 18:06:10 +1300
"Logan5" <Logan5 () Logan5 com> wrote:

> Is the programmer a Matrix fan? ...

If so, your "discovery" would have nothing to do with it...

> ... Found this decoding the .zip and .scr (sanitized for your protection):
> @1A1Ch: Sack_i..+D.k=.smith[C.+_.m.B...h...&joe?neo/...
> Funny to see both Agent Smith and Neo on the same few bytes of code :)

Those strings are in the compressed data part of a UPX-packed .EXE so are not really part of the worm's code.

Regards,

Nick FitzGerald
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html