Full Disclosure mailing list archives

Re: FrSIRT False Alarm


From: "Paul" <pvnick () gmail com>
Date: Sat, 20 Aug 2005 14:01:24 -0400

Not to mention this is hardly even assembly. This is like really ghetto assembly. In REAL assembly, there would be no ".if" statements. It's all cmp blah blah, jz, jnz, etc. Lots more work. Also, there is no such thing as .invoke MessageBox. Give me a break. In real assembly, that code would be about 5 times longer.

Regards,
Paul
Greyhats Security
http://greyhatsecurity.org

----- Original Message -----
From: "Thierry Zoller" <Thierry () sniff-em com>
To: <ad () class101 org>
Cc: <full-disclosure () lists grok org uk>
Sent: Saturday, August 20, 2005 1:57 PM
Subject: Re: [Full-disclosure] FrSIRT False Alarm



aco> btw illwill made something to block it, haven't tested it myself but this
aco> might be useful to post it here:
aco> http://illmob.org/files/0day/msdds.dll_deactivator.rar

It sets the killbit that's all. A .reg file would have been enough but
then of course doing that in asm makes it all l33t and stuff...

--
Thierry Zoller
mailto:Thierry () sniff-em com


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
