Re: Here you have, ;o)
Actually the part that looks like executable code is just encoded and the second part of the virus is a script to decode it. Once decoded it is executed and it is this decoded script that actually executes the virus methods (adding things to registry, replication and a timed DoS against some web site in .nl) The real interesting thing is that the virus was created by a Worm Generator (known as VBSWG 1.50b). It creates the worm for any script kiddie, thus doing the hard work like obfuscating the code and using randomly generated object names as well as the replication code and Registry entries. -Steve -----Original Message----- From: Declan McCullagh <declan@well.com> To: Adam Back <adam@cypherspace.org> Cc: Vin McLellan <vin@shore.net>; Com Cypherpunks@Toad. <cypherpunks@toad.com> Date: Tuesday, February 13, 2001 10:07 AM Subject: Re: Here you have, ;o)
Yep. Vorm writers are getting smarter. It seems as though VB lets you embed executable (compiled, I assume) code in a .vbs file, so a casual observer can't easily tell what this one does.
-Declan
On Mon, Feb 12, 2001 at 09:37:33PM -0400, Adam Back wrote:
Heh, heh. Guess who uses outlook :-)
Endless source of amusement as a linux user watching the VB script worms play out. I think you actually have to click on this one, though the double extension helps as many users won't see the 2nd .vbs, just the .jpg.
Adam
On Mon, Feb 12, 2001 at 08:09:32PM -0500, Vin McLellan wrote:
Hi: Check This!
Ah, and here I was being mildly impressed that vorm writers are getting smarter. My mistake; thanks for the correction. But vorm-generator writers certainly are. :) -Declan At 10:37 AM 2/13/01 -0500, Steve Orrin wrote:
Actually the part that looks like executable code is just encoded and the second part of the virus is a script to decode it. Once decoded it is executed and it is this decoded script that actually executes the virus methods (adding things to registry, replication and a timed DoS against some web site in .nl) The real interesting thing is that the virus was created by a Worm Generator (known as VBSWG 1.50b). It creates the worm for any script kiddie, thus doing the hard work like obfuscating the code and using randomly generated object names as well as the replication code and Registry entries. -Steve -----Original Message----- From: Declan McCullagh <declan@well.com> To: Adam Back <adam@cypherspace.org> Cc: Vin McLellan <vin@shore.net>; Com Cypherpunks@Toad. <cypherpunks@toad.com> Date: Tuesday, February 13, 2001 10:07 AM Subject: Re: Here you have, ;o)
Yep. Vorm writers are getting smarter. It seems as though VB lets you embed executable (compiled, I assume) code in a .vbs file, so a casual observer can't easily tell what this one does.
-Declan
On Mon, Feb 12, 2001 at 09:37:33PM -0400, Adam Back wrote:
Heh, heh. Guess who uses outlook :-)
Endless source of amusement as a linux user watching the VB script worms play out. I think you actually have to click on this one, though the double extension helps as many users won't see the 2nd .vbs, just the .jpg.
Adam
On Mon, Feb 12, 2001 at 08:09:32PM -0500, Vin McLellan wrote:
Hi: Check This!
participants (2)
-
Declan McCullagh -
Steve Orrin