echo: alt-comp-anti-virus
to: ALL
from: DUSTIN
date: 2014-10-13 17:20:00
subject: Re: Viral sample (October

Virus Guy wrote in
news:m1f80t$n17$1@speranza.aioe.org: 

> Many residential ISPs are blocking their customers' ability to
> communicate beyond the ISP's network out to the internet on port
> 25. 

Mine isn't.
 
> So as you can see, you bone head, many residential ISPs can
> easily block outbound port 25 on their boundary with the internet
> for the vast, vast majority of their customers, without these
> customers even knowing such a block exists, because there really
> isn't any need or use by those people for port-25 outbound in the
> first place. 

I can see fine, thanks. You clearly ignored my previous response to 
you... There is no need for you to provide me an education on basic 
email principles. I already know this stuff, thanks anyhow.
 
>> I didn't get the chance to ask why you dodged the analysis of the
>> website url you decided to place the malware sample on?
> 
> I download a fair amount of music, movies, magazines from filepost
> - because it happens to be a primary file-locker used by uploaders
> that use listing sites like avax.  So I'm somewhat familiar with
> filepost. 

It still looks like #### though. Couldn't you find a friendlier site 
to host a malware sample?
 
> I also have about a dozen entries in my hosts file that block all
> the junk that filepost throws at you.  I've had such a block in
> place for a long time, so I don't even remember what gets thrown
> up.  I can only recommend that people close any popups that get
> spawned while following my links.  I wouldn't think that would be
> too hard for people using more recent versions of IE or FF.  I use
> FF2 as my default browser, and I can navigate filepost with ease.

I'm not sure why you think anybody should have to be careful surfing 
your links when they only want the file at the end? That makes little 
sense to me. You either want people to examine the file or you don't.

>> Nor did you have any comments concerning what anubis reported
>> back (which is essentially the actions of a dropper file).
> 
> When I submit files to anubis, it's mainly because I want to see
> if a download URL is revealed.  Something I can access myself. 
> I've looked through the various other sections of their reports
> (registry keys read, modified, created, etc) but they are of
> little interest to me (what can I do with them?).

What do you mean what can you do with them? They give up the keys to 
the kingdom. They tell you what the rogue bastard is planning to do. 
They give you viable places to look if you run across a machine later 
that may have this thing.

A download url? You might be able to harvest that if you examine the 
dropper or the resulting dropped file closer.
 
> But yes- I did find your discovery of a file being inserted into a
> run key to be informative. 

It's not my discovery. I was simply reading the report you provided 
and noticed it listed.
 
 
>> Want me to send you a simple program that would let you post it
>> right here? 
> 
> Even if I wanted to, AIOE doesn't allow posting attachments to
> usenet posts.  The software I'm using now (Netscape Communicator
> 4.79) can easily add attachments - that's not the problem.  I
> would need access to an NNTP server that allows it.  Do any free
> usenet servers allow posting of attached files?

AIOE wouldn't see it as an attachment. You'd copy/paste it from 
notepad. [g]
 


-- 
If you can read this, Thank a teacher.
If you're reading it in English, Thank a soldier!


--- NewsGate v1.0 gamma 2
* Origin: News Gate @ Net396 -Huntsville, AL - USA (1:396/4)

SOURCE: echomail via QWK@docsplace.org
