[Dshield] new Netsky.b virus - quick analysis (incl. hexdump)

Jon R. Kibler Jon.Kibler at aset.com
Thu Feb 19 17:58:47 GMT 2004


jayjwa wrote:

<SNIP!>

> And we've also got a good idea of how it auto-starts on each boot-up. I
> swear, there must be a templet or auto-generator for these things on the
> loose someplace. Has anyone noticed that this last batch of virus/worms
> all are fundimently the same?
> 

<SNIP!>

Why are they fundamentally the same? I don't think it is a template or 
worm generator. I really think that a very few individuals working for
spammers, or even a spammer organization itself, is responsible. Thus,
the similarity. I mean these organizations are even running "Help Wanted"
ads for virus writers -- offering 6-figure salaries (USD) at offshore
locations. 

Let's face it... almost all of the recent worms pass the "duck test" for
spammer originated. What other conclusion can we draw?

Jon
-- 
Jon R. Kibler
Chief Technical Officer
A.S.E.T., Inc.
Charleston, SC  USA
(843) 849-8214




==================================================
Filtered by: TRUSTEM.COM's Email Filtering Service
http://www.trustem.com/
No Spam. No Viruses. Just Good Clean Email.



More information about the list mailing list