Sorry Juari,

> It appears that what I called sooner a BIOS BackDoor is more of a
> Microsoft Windows exploit.

.. but you've lost all credibility.

----- Original Message -----
> From: "Juari Bosnikovich" <[EMAIL PROTECTED]>
> To: "Frank Knobbe" <[EMAIL PROTECTED]>
> Subject: Re: [Full-Disclosure] MyDoom bios infection
> Date: Thu, 29 Jan 2004 15:45:15 -0500
>
> On Thu, 29 Jan 2004, Frank Knobbe wrote:
>
> > On Thu, 2004-01-29 at 03:14, Ferris, Robin wrote:
> > > >It was also unknown that the virus infects the BIOS of the computer it
> > > >infects by injecting a 624-byte backdoor written in FORTH which will open
> > > >port tcp when Mydoom will be executed AFTER February 12.
> >
> > Although code in BIOS could interact with your network card, it would
> > require the correct driver routines for your particular card. Does the
> > virus come with network card drivers for a variety of cards? No? Then
> > BIOS code won't open a TCP port.
>
> I had the same thought at first and conducted an experiment.
>
> Using a clean Windows Server 2003 32 bit Edition on a machine with a
> network adapter using the Realtek 8139 chip I installed the virus and
> set the date to February 11 11:50 and shut it down after making sure
> the virus has been successfully installed.
>
> Most of you would agree with me if I would say that nothing happened when
> I rebooted the machine but this is FAR from being what happened.
>
> It appears that what I called sooner a BIOS BackDoor is more of a
> Microsoft Windows exploit. When the infected machine boots for the SECOND
> time AFTER February 12 it is injecting a malicious program in the Windows
> installation that downloads a new version of Mydoom which will probably be
> called Mydoom.c after its discovery.
>
> I understand the point of view of unbelievers but unfortunately it is very
> CLEAR to me that they did not conduct their own research concerning this
> VERY destructive virus.
>
> As a reminder to the various persons who contacted me privately via
> email and to whom I shared more information PLEASE keep it private.
>
> Juari Bosnikovich
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>

--
Ian Latter
Internet and Networking Security Officer
Macquarie University

Meet me at the Australian Unix and open systems User Group (AUUG)
Security Symposium; 2004
http://www.auug.org.au/events/2004/security/
