From: Non scrivetemi on 14 May 2010 20:05

(Like pedophiles and rapists, a sociopath prick like Raid Slam cannot be cured. Sooner or later MBAM will bite thousands big time.)

http://www.securiteam.com/securitynews/2CUQFS0S0S.html

A new virus strain uses Pegasus Mail to propagate
29 Aug. 1999

Summary
A new Virus, called HLLT.Toadie propagates via Pegasus Mail. The Virus has two known variants, of 6585 and 6810 bytes in length. Both Viruses were written in Pascal by a virus writer calling himself "RAiD". The viral code is packed with LzExe and then scrambled to make it difficult to unpack it with any standard unpacker. The 6585 size variant uses Pegasus mail to send itself. The 6810 size variant attempts to use mIRC client and dcc itself under the name TOADIE.EXE whenever somebody joins the mIRC channel. First variant carries the string "Toadie 1.0", second - "Toadie 1.1".

From: JD on 14 May 2010 22:39

Non scrivetemi wrote:
> Snip 1999 BS from a sociopath prick
>

Hi Chris. Blog traffic down?

--
JD..

From: Dustin Cook on 15 May 2010 00:52

"FromTheRafters" <erratic(a)nomail.afraid.org> wrote in news:hskq5j$3j6$1@news.eternal-september.org:

> Can you dig up Irok articles next please?

You're kidding right? :(

--
"Hrrngh! Someday I'm going to hurl this...er...roll this...hrrngh.. nudge this boulder right down a cliff." - Goblin Warrior

From: FromTheRafters on 15 May 2010 06:47

"Dustin Cook" <bughunter.dustin(a)gmail.com> wrote in message news:Xns9D79A4257301HHI2948AJD832(a)69.16.185.250...
> "FromTheRafters" <erratic(a)nomail.afraid.org> wrote in
> news:hskq5j$3j6$1@news.eternal-september.org:
>
>> Can you dig up Irok articles next please?
>
> You're kidding right? :(

Yes, just a preemptive strike against more old news. :o)

From: Dustin Cook on 18 May 2010 01:17

Toxic <staring(a)my_hd.tv> wrote in news:pan.2010.05.17.08.43.38(a)cdc.gov:

> On Sat, 15 May 2010 02:05:57 +0200, Non scrivetemi wrote:
>
>> A new Virus, called HLLT.Toadie propagates via Pegasus Mail. The Virus
>> has two known variants, of 6585 and 6810 bytes in length. Both Viruses
>> were written in Pascal by a virus writer calling himself "RAiD". The
>> viral code is packed with LzExe and then scrambled to make it difficult
>> to unpack it with any standard unpacker.
>
> Maybe Pierre's IDA Pro could sort it?

Wasn't pascal, wasn't lzexe either, and you didn't need ida pro. Toadie contained no booby traps or anything else to make disassembly a real pain. Don't believe all the BS you read that either the avers put out, or the news agencies did. More than half of it is outright bullshit.

Case in point, you'll find the fprot description (and a few other antivirus companies) of irok claims it will damage or corrupt the contents of your hard disk; While the text inside does claim this is what happened, it's a lie. In fact, what really took place was this: All files and directories from root of current drive are renamed to a random series of high ascii characters; perfectly legal filenames, just not keys any joe would find on the keyboard. It appeared to be corrupted; to people who shouldn't be messing around with computers beyond opening word or excel. To anyone with any skills whatsoever, it was a joke borrowed from 1980s floppy disk anti copy protection technology.

The fact irok did that and didn't destroy data like fprot and I think, even sophos originally claimed was cause for an interesting discussion here sometime back. Do you know what happened at the end? The guy who was infected in the first place wound up thanking me for telling him to ignore the avers advice and reformat. I told him I didn't delete any of his data, and he proved me right when he restored his system 100%; even tho various avers were telling him he was fucked and his data was gone.

If you're going to dig up trash on me, might as well dig up all of it. huh? :)

--
"Hrrngh! Someday I'm going to hurl this...er...roll this...hrrngh.. nudge this boulder right down a cliff." - Goblin Warrior