Re: New outlook Virus

To: <acirez@hip2linux.com>, <debian-user@lists.debian.org>
Subject: Re: New outlook Virus
From: "hogan" <hogan@netspace.net.au>
Date: Wed, 14 Feb 2001 16:10:27 +1100
Message-id: <[🔎] 03fd01c09644$79a25c40$01fefe0a@windows98>
References: <3A895992.FA948546@hip2linux.com>

Examine the code - reformat it..

You'll notice it does a basic deciphering by subtracting two from the ascii
value of a character unless it's 15, 16 or 17, in which case it translates to
LF, CR and Space accordingly.. As it does this decoding, it appends this
deciphered code to the currently running function.. As soon as the script
finishes the "for ... next" loop, it continues on with the appended code...
this is just from a cursory examination..

Hint: To more reliably decode the code, search and replace variable and
function-names to more meaningful entries - you'll figure it out better that
way.

...
If Asc(StTP1MoJ3ZU) = 15 Then
StTP1MoJ3ZU= Chr(10)
ElseIf Asc(StTP1MoJ3ZU) = 16 Then
StTP1MoJ3ZU = Chr(13)
ElseIf Asc(StTP1MoJ3ZU) = 17 Then
StTP1MoJ3ZU = Chr(32)
Else
StTP1MoJ3ZU = Chr(Asc(StTP1MoJ3ZU) - 2)
....
e7iqom5JE4z = e7iqom5JE4z & WHz23rBqlo7 & StTP1MoJ3ZU
Next

Reply to:

Prev by Date: ran e2fsck, but didn't clear check
Next by Date: difference b/w comipling kernel and source.deb
Previous by thread: ran e2fsck, but didn't clear check
Next by thread: difference b/w comipling kernel and source.deb
Index(es):
- Date
- Thread