[Dshield] Virus identity

Jim Cooke lemmonchipper at hotmail.com
Thu Nov 7 04:35:16 GMT 2002


Back in the old days we used to keep a sacrificial machine to infect with a 
suspected virus to document the symptoms. MBR hammers were the big deal back 
then.
Just about any anti virus company should be able to take your suspected 
binary and figure out what it will do when cut loose.
Ever since a simple 5 clock tick add function took 4 meg to write these days 
I gave up hunting bugs.
Love the fact that Dshield is here to help those of us who either gave up or 
just got old as in my case...Thanks "D" Folks.
Also thanks for the link to ZoneLog.  Never sent a report but never found a 
hacker that wasn't fun to watch.
Now that I said that all hell will break loose...LOL.
Have fun and I hope you solve your query of the mysterious code you have. If 
I had it I would just look at the hex and see what it's doin' but I don't 
have it and don't want it. Best wishes, Lem

>From: David Kennedy CISSP <david.kennedy at acm.org>
>Reply-To: list at dshield.org
>To: list at dshield.org
>Subject: Re: [Dshield] Virus identity
>Date: Wed, 06 Nov 2002 17:38:37 -0500
>
>At 09:43 AM 11/6/02 -0500, Browder, Charles wrote:
>
> >Is there somewhere I can send a suspected file to have it checked to see if
> >it's some new form of virus or a mod of an old virus?
>
> >InocuLan desktop virus program no problem.
>
>You're already paying CA to do this for you
>    Computer Associates (US)       <virus at cai.com>
>
>
>Others (thanks to Nick Fitzgerald for the list):
>
>    Command Software               <virus at commandcom.com>
>    Computer Associates (US)       <virus at cai.com>
>    Computer Associates (Vet/IPE)  <ipevirus at vet.com.au>
>    DialogueScience (Dr.Web)       <Antivir at dials.ru>
>    Eset (NOD32)                   <trnka at eset.sk>
>    F-Secure Corp.                 <samples at f-secure.com>
>    Frisk Software                 <viruslab at complex.is>
>    Kaspersky Labs                 <newvirus at avp.ru>
>    Network Associates (US)        <virus_research at nai.com>
>    Norman (NVC)                   <analysis at norman.no>
>    Sophos Plc.                    <support at sophos.com>
>    Symantec                       <avsubmit at symantec.com>
>    Trend Micro                    <virus_doctor at trendmicro.com>
>
>We'll be happy to take a look at a sample for you as well:
>vlab at icsalabs.com
>
>
>--
>Regards,
>
>David Kennedy CISSP                         /"\
>Director of Research Services,              \ / ASCII Ribbon Campaign
>TruSecure Corp. http://www.trusecure.com     X  Against HTML Mail
>Protect what you connect;                   / \
>Look both ways before crossing the Net.
>

