[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Another noxious M$ trojan

To: full-disclosure@lists.netsys.com
Subject: Re: [Full-Disclosure] Another noxious M$ trojan
From: Nick FitzGerald <nick@virus-l.demon.co.uk>
Date: Thu, 20 Nov 2003 19:29:18 +1300

"Gregory A. Gilliss" <ggilliss@netpublishing.com> wrote:

> For all who were interested in reviewing the suspect binaries, I have 
> posted them on my Web site:

Not at all smart -- this is self-replicating code which poses certain 
complexly more interesting ethical issues than simple vulnerability 
exploit PoC code...

Anyway, despite the different .ZIP sizes (8 bytes being twice the four-
character difference in length of filename...) the .EXEs are identical 
(as can be seen by the identical CRC-32 with unzip -v ...) and both 
straight samples of Swen.A...

Regards,

Nick FitzGerald

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- Re: [Full-Disclosure] Another noxious M$ trojan
  - From: "Gregory A. Gilliss" <ggilliss@netpublishing.com>

Prev by Date: [Full-Disclosure] Re: OpenBSD kernel panic, yet still O*BSD much worse than MS-DoS 6.0
Next by Date: Re: [Full-Disclosure] Another noxious M$ trojan
Previous by thread: Re: [Full-Disclosure] Another noxious M$ trojan
Next by thread: Re: [Full-Disclosure] Another noxious M$ trojan
Index(es):
- Date
- Thread