Vulnerability Development mailing list archives
Re: Another new worm???
From: BlueBoar () THIEVCO COM (Blue Boar)
Date: Tue, 20 Jun 2000 19:56:48 -0700
Dan Schrader wrote:
Thank you
You're welcome.
You have no provided the virus to 40,000 people who have nothing in common
I've got less than 10,000 subscribers. Dunno how many people read the archives on the SecurityFocus.com site.
except that they are interested in security. Go to usenet and you will find dozens of posts from virus writers and vx wannabes asking for viruses to play with - you answered their prayers.
I'm not really the best source of viruses, but I help out when I can.
This virus has already been extensively analyzed - there was no need to spread it further.
Hm... now there's a sticky point. I've tried once or twice to get a copy of a virus from Trend Micro (and other AV vendors.) I've been turned down flat each time. Seems there's a policy to not give out the code. Now, if I wanted to by cynical, I'd assume that was because the AV vendors have a direct financial interest in the code not being publicly available, thereby forcing people to buy AV software for protection. I get the distinct impression that they don't share with each other as well. I'll leave that for you to comment on if you like. However, there are loads of us who maintain our own mail filters and IDS signatures, and who want to understand the root issues behind the virus spread. We don't necessarily want to pay someone else to do that for us. The "information" that AV companies publish about viruses is nearly useless for these purposes.
In the future if you wish to have a file analyzed, send to known, trusted experts or send to one or more of the antivirus vendors. Trend Micro will analyze unsolicated files if you send them to: virus_doctor () trendmicro com
So now you've got it, let's see the analysis. Keep in mind that the kind of analysis that has gone on here before often includes picking through the code and commenting on interesting bits. BB
Current thread:
- Re: Another new worm???, (continued)
- Re: Another new worm??? Pierre Vandevenne (Jun 19)
- Re: Another new worm??? Kenneth Williams (Jun 19)
- Re: Another new worm??? Blue Boar (Jun 19)
- Re: Another new worm??? Jason Legate (Jun 19)
- Re: Another new worm??? Ron DuFresne (Jun 19)
- Re: Another new worm??? PS Howe (Jun 19)
- Re: Another new worm??? Alexander Kiwerski (Jun 19)
- Re: Another new worm??? Zoa_Chien (Jun 19)
- Re: Another new worm??? Alexander Kiwerski (Jun 19)
- Re: Another new worm??? Dan Schrader (Jun 20)
- Re: Another new worm??? Blue Boar (Jun 20)
- Re: Another new worm??? Bennett Todd (Jun 20)
- Re: Another new worm??? ~jim (Jun 20)
- Re: Another new worm??? Justin Randall (Jun 20)
- Re: Another new worm??? (long) Pierre Vandevenne (Jun 21)
- Re: Another new worm??? Joe Gee (Jun 20)
- Re: Another new worm??? Dan Schrader (Jun 21)
- Re: Another new worm??? Bennett Todd (Jun 21)
- Re: Another new worm??? (technical) Pierre Vandevenne (Jun 22)
- Re: Another new worm??? (technical) Bluefish (Jun 23)
- Re: Another new worm??? (technical) Pierre Vandevenne (Jun 23)
- Re: Another new worm??? Bennett Todd (Jun 21)
- Re: Another new worm??? Pierre Vandevenne (Jun 19)