From: Dustin Cook on 19 May 2010 22:34

starwars <nonscrivetemi(a)tatooine.homelinux.net> wrote in
news:9492c9498a388c1efae921353f2acfe4(a)tatooine.homelinux.net:

> (First of all, !Liarthos = Leythos.)
>
> (Here in 2007, Raid/Dustin Cook is caught trying to insert 'strange'
> code into another of his so-called programs, which are little more

Strange code? It was 4 letters; a marker inside the executable. Not "code" in any sense of the word; and nothing malicious about it either. The code (drumroll please) was "FU4Q"; and had you read the thread you copy/pasted from, you'd have understood it to be a cute message towards an old associate of mine by the name of 4Q.

> than honey traps for the unwary and ignorant. Oh, but that doesn't
> mean he hasn't "changed". Right?)

Well, it tells me you don't know code from data from html... ad nauseam. But, then again, with your ranting; that doesn't really surprise me. Btw, Remove-it is a plagiarised piece distributed by Christopher Butts; am I to assume you support his activities with the snippet you pasted?

--
Feel free to steal this tagline!

From: Ant on 20 May 2010 09:18

"Dustin Cook" wrote:

> starwars <nonscrivetemi(a)tatooine.homelinux.net> wrote:
>> (Here in 2007, Raid/Dustin Cook is caught trying to insert 'strange'
>> code into another of his so-called programs, which are little more
>
> strange code? It was 4 letters; a marker inside the executable. Not "code"
> in any sense of the word; and nothing malicious about it either. The code
> (drumroll please) was "FU4Q"; and had you read the thread you copy/pasted
> from, you'd have understood it to be a cute message towards an old
> associate of mine by the name of 4Q.

Since the anon remailer entity is quoting 4Q who is referring to something I found, I'll chip in my tuppence worth.

[quote]
...(and very recently a regular in alt.comp.virus "Ant" discovered a very suspicious technique used in the "blocked" ASIC malware, namely this signature --> "0xDCFCBCCD")
[/quote]

Those hex bytes were used to overwrite the "UPX!" signature which doesn't affect the execution in any way but prevents a stand-alone unpacking by the UPX utility using the decompress switch.

You said, at the time, the obfuscation was a force of habit and used to deter script-kiddy reverse engineering. I also said, after a complete disassembly of the exe, that I hadn't found any malicious code.

I didn't see an "FU4Q" string. Perhaps that was in a different executable?

From: Dustin Cook on 20 May 2010 21:25

"Ant" <not(a)home.today> wrote in
news:he2dnXSLoYY9q2jWnZ2dnUVZ8sednZ2d(a)brightview.co.uk:

> "Dustin Cook" wrote:
>
>> starwars <nonscrivetemi(a)tatooine.homelinux.net> wrote:
>>> (Here in 2007, Raid/Dustin Cook is caught trying to insert 'strange'
>>> code into another of his so-called programs, which are little more
>>
>> strange code? It was 4 letters; a marker inside the executable. Not
>> "code" in any sense of the word; and nothing malicious about it
>> either. The code (drumroll please) was "FU4Q"; and had you read the
>> thread you copy/pasted from, you'd have understood it to be a cute
>> message towards an old associate of mine by the name of 4Q.
>
> Since the anon remailer entity is quoting 4Q who is referring to
> something I found, I'll chip in my tuppence worth.
>
> [quote]
> ...(and very recently a
> regular in alt.comp.virus "Ant"
> discovered a very suspicious technique
> used in the "blocked" ASIC malware,
> namely this signature --> "0xDCFCBCCD")
> [/quote]
>
> Those hex bytes were used to overwrite the "UPX!" signature which
> doesn't affect the execution in any way but prevents a stand-alone
> unpacking by the UPX utility using the decompress switch.
>
> You said, at the time, the obfuscation was a force of habit and used
> to deter script-kiddy reverse engineering. I also said, after a
> complete disassembly of the exe, that I hadn't found any malicious
> code.

That's correct.

> I didn't see an "FU4Q" string. Perhaps that was in a different
> executable?

One version of the executable; I think, although I could be wrong; v1.8 had that for 4Q. Again, just a UPX! header overwrite.. Not "code" as this crazy individual seems to think.

--
Feel free to steal this tagline!
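
Added example, not part of the thread and not code from any poster: a Python check for the situation Ant describes, where a UPX-packed executable has had its "UPX!" signature overwritten so that stand-alone unpacking fails while execution is unaffected. It assumes the usual UPX0/UPX1 section names were left in place; the sample bytes, and the byte order used for the 0xDCFCBCCD marker, are constructed for illustration.

```python
import struct

UPX_MAGIC = b"UPX!"  # signature the stand-alone UPX unpacker looks for

def pe_section_names(data):
    """Return the section names of a PE image, or [] if it does not parse."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)          # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0" or pe_off + 24 > len(data):
        return []
    (nsect,) = struct.unpack_from("<H", data, pe_off + 6)     # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", data, pe_off + 20) # SizeOfOptionalHeader
    table = pe_off + 24 + opt_size                            # first section header
    names = []
    for i in range(nsect):
        raw = data[table + 40 * i:table + 40 * i + 8]         # 8-byte name field
        if len(raw) < 8:
            break                                             # truncated table
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return names

def classify_upx(data):
    """Compare the section layout with the presence of the UPX! signature."""
    packed_layout = any(n.startswith("UPX") for n in pe_section_names(data))
    if not packed_layout:
        return "no-upx-sections"
    # Assumption: UPX0/UPX1 names were not renamed; only the magic was touched.
    return "upx-intact" if UPX_MAGIC in data else "upx-signature-missing"

def build_sample(marker):
    """Constructed header-only sample (not a runnable executable)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0, 0x102)
    sections = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in (b"UPX0", b"UPX1"))
    return dos + coff + sections + b"\0" * 16 + marker + b"\0" * 16

if __name__ == "__main__":
    for label, marker in (("intact", b"UPX!"),
                          ("overwritten", bytes.fromhex("DCFCBCCD"))):
        print(label, "->", classify_upx(build_sample(marker)))
```

A result of `upx-signature-missing` says nothing about whether the file is malicious; it tells an analyst that the stand-alone unpacker will refuse the file as it stands.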