[Dshield] FW: [Full-Disclosure] Hello Mydoom
bjorn at thechemistrylab.com
Thu Jan 29 19:51:22 GMT 2004
Perhaps a little better analysis of the worm here:
That BIOS stuff is nonsense as is the mutation after February 12th.
I have yet to hear of ANYONE being able to get this worm to send a GET
request to www.sco.com . My suspicions are that the Major A/V vendors jumped
the gun on their analysis of what www.sco.com was doing in the worm.
----- Original Message -----
From: "Johannes B. Ullrich" <jullrich at sans.org>
To: "General DShield Discussion List" <list at dshield.org>
Sent: Thursday, January 29, 2004 9:43 AM
Subject: Re: [Dshield] FW: [Full-Disclosure] Hello Mydoom
More information about the list