[Dshield] FW: [Full-Disclosure] Hello Mydoom

Micheal Patterson micheal at tsgincorporated.com
Thu Jan 29 17:09:39 GMT 2004

That was the portion that I was more concerned with. Wondering if I'm going
to have to reflash system BIOS should a system get infected with this thing.
So far, all of it's been stopped at our MX servers, but I'd prefer to be
prepared in the event that one manages to get through.


Micheal Patterson
TSG Network Administration


----- Original Message ----- 
From: "Johannes B. Ullrich" <jullrich at sans.org>
To: "General DShield Discussion List" <list at dshield.org>
Sent: Thursday, January 29, 2004 10:43 AM
Subject: Re: [Dshield] FW: [Full-Disclosure] Hello Mydoom


> > It was also unknown that the virus infects the BIOS of the computer it
> > infects by injecting a 624 bytes backdoor written in FORTH which will
> > open port tcp when Mydoom will be executed AFTER February 12.

> I think this BIOS stuff is typical full-disclosure BS.
> Analyzing a virus like this is not always perfect, and I expect to see a
> few more details coming along over the next few days. For example, the
> exact conditions that trigger the DDOS are not quite understood IMHO.
> But given that the virus is rather compact, I don't expect too many