Subject: [Dshield] FW: [Full-Disclosure] Hello Mydoom

Kenneth Coney superc at
Fri Jan 30 16:46:05 GMT 2004

No question there are some interesting things about Mydoom.  The first one 
I received (1/27/04 at about 8AM) was from: my first middle 
name at (file.scr type).  The circle of humans who know my middle 
name and in combination with my email address here is fairly small, not 
more than 100 or so.  As none of the obvious ones admit to an infection I 
wonder if early specimens used certain semi-public domain lists from SBA or 
D&B where such business information can be downloaded for a slight fee. 
That we have a return to a virus that attacks a computer's BIOS is not 
unanticipated.  I have dealt enough with Fix-CH variants in the older 
machines that I have wondered why modern malware writers and our enemies 
have ignored this.  As Pentiums and motherboards have evolved and changed, 
it only stands to reason that new, not commonly looked-for BIOS 
vulnerabilities would also emerge to be exploited by someone who knows what's 
there and what they are doing.  Imagine the economic impact and where we 
would be, if Blaster had been designed to attempt to replicate 50 times, 
then kill the host BIOS.  Millions of new desktop paperweights across the 
planet.  What impact on infrastructure (how many have noticed we still have 
not heard officially exactly why the computerized alarms and safeties did 
not trip prior to the big power outage last year?  An infection is my 
outsider guess.) would thousands of suddenly totally dead and inert PCs 
have?  I don't necessarily agree with either of your premises (i.e., the 
viral professionals that published diagnosis
of the Mydoom.A virus are trying to hide something or are very
incompetent).  I suspect instead that they have 1) become complacent and 
plagiarize each other's findings, 2) aren't given enough budget and time to 
dissect the specimens provided (it is noted that Norton has done several AV 
definition changes in the past 3 days, presumably as they learn more), and 
3) you might have gotten something no one else has seen yet.

