echo: alt-comp-anti-virus
to: ALL
from: DUSTIN
date: 2014-10-12 17:38:00
subject: Re: Viral sample (October

Virus Guy  wrote in
news:m17dgn$5n0$1@speranza.aioe.org: 

> Dustin wrote:
>  
>> You seem to be expecting them to disable sending email for
>> residential customers without knowing their client is having an
>> issue? How do you expect them to accomplish this feat?
> 
> Why don't you do more reading about ISPs blocking port-25 for
> residential customers.
> 
> You might learn something.
> 
> You might figure out where exactly the block is supposed to
> happen, and it doesn't prevent people from sending e-mail from
> their computer using a typical client software.  Hint - it
> prevents direct-to-mx email sending by trojanized zombies that
> operate their own SMTP server on hijacked home and SOHO computers.

I couldn't help but notice you didn't respond to my reply concerning 
your unnecessary attack and attempted (yet failed miserably) education 
on basic emailing concepts... but

I didn't get the chance to ask why you dodged the analysis of the 
website url you decided to place the malware sample on? Nor did you 
have any comments concerning what anubis reported back (which is 
essentially the actions of a dropper file). 

The random named .exe sitting in your application folder is the 
'real' target, if your goal is to seek out and destroy malware. The 
dropper file itself was a simple trojan. Its reason for existing is 
to drop and setup your machine to run the dropped file later.
I wrote random named because each time the dropper is run, I suspect 
it'll generate a new name for the file it's supposed to be creating 
as well as a new bogus named registry key to make sure it runs later.

It would take me all of ten seconds or less to acquire the real 
malware sample, inside the dropper. Without posing any risk to myself 
or equipment. Do you suppose you can send me the real malware sample?

I'd like to see if virustotal knows it well. I can do this myself, 
but I'm not the one who created this thread whining about the 
detection rate of a dropper; a dropper! So I'm asking if you can 
extract the real exe inside the dropper and upload that to 
virustotal. I suspect the scan results will be different.

And I'm serious, why did you suggest I or others visit such a nasty 
site to obtain the file? It was only 11 kilobytes rar'd..

Want me to send you a simple program that would let you post it right 
here? That way, I wouldn't have to surf to ... painful websites to 
get the sample.

 



-- 
If you can read this, Thank a teacher.
If you're reading it in English, Thank a soldier!


--- NewsGate v1.0 gamma 2
* Origin: News Gate @ Net396 -Huntsville, AL - USA (1:396/4)

SOURCE: echomail via QWK@docsplace.org
