
Thread: Virus Alert: Novarg / MiMail / MyDoom

  1. #81
    Antionline Herpetologist
    Join Date
    Aug 2001
    Posts
    1,165
    I'm just going to install a fresh copy of XP on another partition and play with the damn virus. I'll let you know what I find.
    Cheers,
    cgkanchi
    Buy the Snakes of India book, support research and education (sorry the website has been discontinued)
    My blog: http://biology000.blogspot.com

  2. #82
    Senior Member
    Join Date
    Jun 2003
    Posts
    236
    I've actually been spending a lot of time with this virus.
    My assembly skills are not the sharpest, but I've decompiled it and figured out as much as possible.
    I don't see anywhere where it attempts to mess with the BIOS.

    cgkanchi
    I wish I would have made another partition or run it on VMware, because I managed to infect myself when I played with it on Windows... anyway, here are some things that helped me:

    The email comes MIME encoded -> Linux tool mpuck can encode and decode MIME
    The executable is UPX encoded -> upx tool (multi-platform) can encode and decode UPX
    At this point you can perform some reverse engineering
    Linux 'strings' will actually produce quite a few; the names and email extensions are plainly visible, but he/she attempts to hide many of the registry and system I/O strings with a Caesar cipher of right shift 13 characters


    I'd be interested in hearing any other things you find.
    That which does not kill me makes me stronger -- Friedrich Nietzsche
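
The last step described in post #82 (run `strings` over the unpacked binary, then undo the shift-13 Caesar cipher) can be automated for triage. This is an added example, not code from the thread: the marker list is a hypothetical heuristic, and the sample buffer is constructed for illustration and is not taken from the virus.

```python
import codecs
import re

# Hypothetical heuristic: substrings that suggest a registry path or a
# system/file name once a string has been decoded.
MARKERS = ("software\\", "currentversion", "hkey_", ".dll", ".exe", "system32")


def ascii_strings(data: bytes, min_len: int = 5):
    """Yield (offset, text) for printable ASCII runs, like the 'strings' tool."""
    for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data):
        yield m.start(), m.group().decode("ascii")


def looks_like_system_string(text: str) -> bool:
    low = text.lower()
    return any(marker in low for marker in MARKERS)


def find_rot13_strings(data: bytes, min_len: int = 5):
    """Return (offset, raw, decoded) for strings that only make sense after ROT13."""
    hits = []
    for offset, raw in ascii_strings(data, min_len):
        decoded = codecs.decode(raw, "rot_13")  # shift 13; digits/punctuation unchanged
        # Report only strings that were hidden: readable after decoding, not before.
        if looks_like_system_string(decoded) and not looks_like_system_string(raw):
            hits.append((offset, raw, decoded))
    return hits


# Constructed sample: binary filler, one plaintext name, two ROT13-hidden strings.
SAMPLE = (
    b"\x00\x01MZ\x90\x00"
    + b"notepad.exe\x00"
    + codecs.encode("Software\\Microsoft\\Windows\\CurrentVersion\\Run", "rot_13").encode()
    + b"\x00\xff\xfe"
    + codecs.encode("kernel32.dll", "rot_13").encode()
    + b"\x00hello world\x00"
)

if __name__ == "__main__":
    for offset, raw, decoded in find_rot13_strings(SAMPLE):
        print(f"0x{offset:04x}  {raw!r} -> {decoded!r}")
```

Run it against the bytes of an already unpacked file; strings that `strings` shows as gibberish but that decode to registry or DLL names are the ones worth reviewing by hand.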
