[Dshield] Mydoom question

JD lists at webcrunchers.com
Sun Feb 8 07:44:28 GMT 2004


Some interesting things we found with the myDoom virus. Each time it's
transmitted to a new system, its signature changes, making it very hard
to write rules to detect it. It seems to happen when a machine is
infected, then is sent out to others, where it then changes. We found
SOME sections of the code the same, but not the ones which can identify
it properly. Has anyone else experienced this?

John



