[Dshield] FW: [Full-Disclosure] Hello Mydoom
bjorn at thechemistrylab.com
Fri Jan 30 18:41:42 GMT 2004
Could you be more specific. What are the conditions that need to be met in
order for this virus to GET www.sco.com ? For both versions please.
Is it possible that either version of the virus could send GET messages
before Feb. 1st (assuming correct clocks) ?
Thanks in advance,
----- Original Message -----
From: "Joe Stewart" <jstewart at lurhq.com>
To: "General DShield Discussion List" <list at dshield.org>
Sent: Thursday, January 29, 2004 1:35 PM
Subject: Re: [Dshield] FW: [Full-Disclosure] Hello Mydoom
> The DoS does work, but there is a bug in the date comparison routine
> which prevents it from starting at certain times, no matter what the
> date. More often than not, it will NOT start. This could be a feature
> instead of a bug, as the "b" variant includes an extra check of a
> random number before starting the DoS, further reducing the possibility
> of it happening on any given run.
More information about the list