Here you have, ;o)

[Declan McCullagh]

Ah, and here I was being mildly impressed that vorm writers are getting 
smarter. My mistake; thanks for the correction. But vorm-generator writers 
certainly are. :)

-Declan


At 10:37 AM 2/13/01 -0500, Steve Orrin wrote:
>Actually the part that looks like executable code is just encoded and the
>second part of the virus is a script to decode it. Once decoded it is
>executed and it is this decoded script that actually executes the virus
>methods (adding things to registry, replication and a timed DoS against some
>web site in .nl)
>The real interesting thing is that the virus was created by a Worm Generator
>(known as VBSWG 1.50b). It creates the worm for any script kiddie, thus
>doing the hard work like obfuscating the code and using randomly generated
>object names as well as the replication code and Registry entries.
>-Steve
>-----Original Message-----
>From: Declan McCullagh <declan at well.com>
>To: Adam Back <adam at cypherspace.org>
>Cc: Vin McLellan <vin at shore.net>; Com Cypherpunks at Toad.
><cypherpunks at toad.com>
>Date: Tuesday, February 13, 2001 10:07 AM
>Subject: Re: Here you have, ;o)
>
>
> >Yep. Vorm writers are getting smarter. It seems as though VB
> >lets you embed executable (compiled, I assume) code in a .vbs
> >file, so a casual observer can't easily tell what this one does.
> >
> >-Declan
> >
> >
> >On Mon, Feb 12, 2001 at 09:37:33PM -0400, Adam Back wrote:
> >> Heh, heh.  Guess who uses outlook :-)
> >>
> >> Endless source of amusement as a linux user watching the VB
> >> script worms play out.  I think you actually have to click
> >> on this one, though the double extension helps as many
> >> users won't see the 2nd .vbs, just the .jpg.
> >>
> >> Adam
> >>
> >> On Mon, Feb 12, 2001 at 08:09:32PM -0500, Vin McLellan wrote:
> >> > Hi:
> >> > Check This!
> >>
> >>
> >