[Dshield] FW: [Full-Disclosure] Hello Mydoom

Bjorn Stromberg bjorn at thechemistrylab.com
Fri Jan 30 18:41:42 GMT 2004


Could you be more specific. What are the conditions that need to be met in
order for this virus to GET www.sco.com ? For both versions please.

Is it possible that either version of the virus could send GET messages
before Feb. 1st (assuming correct clocks) ?

Thanks in advance,

Bjorn Stromberg

----- Original Message ----- 
From: "Joe Stewart" <jstewart at lurhq.com>
To: "General DShield Discussion List" <list at dshield.org>
Sent: Thursday, January 29, 2004 1:35 PM
Subject: Re: [Dshield] FW: [Full-Disclosure] Hello Mydoom
> The DoS does work, but there is a bug in the date comparison routine
> which prevents it from starting at certain times, no matter what the
> date. More often than not, it will NOT start. This could be a feature
> instead of a bug, as the "b" variant includes an extra check of a
> random number before starting the DoS, further reducing the possibility
> of it happening on any given run.




More information about the list mailing list