[Dshield] new Netsky.b virus - quick analysis (incl. hexdump)

Jon R. Kibler Jon.Kibler at aset.com
Thu Feb 19 17:58:47 GMT 2004

jayjwa wrote:


> And we've also got a good idea of how it auto-starts on each boot-up. I
> swear, there must be a templet or auto-generator for these things on the
> loose someplace. Has anyone noticed that this last batch of virus/worms
> all are fundimently the same?


Why are they fundamentally the same? I don't think it is a template or 
worm generator. I really think that a very few individuals working for
spammers, or even a spammer organization itself, is responsible. Thus,
the similarity. I mean these organizations are even running "Help Wanted"
ads for virus writers -- offering 6-figure salaries (USD) at offshore

Let's face it... almost all of the recent worms pass the "duck test" for
spammer originated. What other conclusion can we draw?

Jon R. Kibler
Chief Technical Officer
A.S.E.T., Inc.
Charleston, SC  USA
(843) 849-8214

Filtered by: TRUSTEM.COM's Email Filtering Service
No Spam. No Viruses. Just Good Clean Email.

More information about the list mailing list