
Re: [Full-disclosure] FrSIRT False Alarm



Not to mention this is hardly even assembly. This is like really ghetto assembly. In REAL assembly, there would be no ".if" statements. It's all cmp blah blah, jz, jnz, etc. Lots more work. Also, there is no such thing as .invoke MessageBox. Give me a break. In real assembly, that code would be about 5 times longer.

Regards,
Paul
Greyhats Security
http://greyhatsecurity.org

----- Original Message -----
From: "Thierry Zoller" <Thierry@xxxxxxxxxxxx>
To: <ad@xxxxxxxxxxxx>
Cc: <full-disclosure@xxxxxxxxxxxxxxxxx>
Sent: Saturday, August 20, 2005 1:57 PM
Subject: Re: [Full-disclosure] FrSIRT False Alarm




aco> btw illwill made something to block it, haven't tested it myself but this
aco> might be useful to post it here:
aco> http://illmob.org/files/0day/msdds.dll_deactivator.rar


It sets the killbit, that's all. A .reg file would have been enough but
then of course doing that in asm makes it all l33t and stuff...

--
Thierry Zoller
mailto:Thierry@xxxxxxxxxxxx


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
