[Dshield] FW: [Full-Disclosure] Hello Mydoom

Bjorn Stromberg bjorn at thechemistrylab.com
Thu Jan 29 19:51:22 GMT 2004

Perhaps a little better analysis of the worm here:


That BIOS stuff is nonsense as is the mutation after February 12th.

I have yet to hear of ANYONE being able to get this worm to send a GET
request to www.sco.com . My suspicions are that the Major A/V vendors jumped
the gun on their analysis of what www.sco.com was doing in the worm.

Bjorn Stromberg

----- Original Message ----- 
From: "Johannes B. Ullrich" <jullrich at sans.org>
To: "General DShield Discussion List" <list at dshield.org>
Sent: Thursday, January 29, 2004 9:43 AM
Subject: Re: [Dshield] FW: [Full-Disclosure] Hello Mydoom

More information about the list mailing list