[MPlayer-dev-eng] A very funny website

Gábor Lénárt lgb at lgb.hu
Sat Jun 22 18:29:37 CEST 2002


ROTFL :) AFAIK this is a virus, not sent by a people but by a virus itself
from a people infected by this virus and having the list address in the
addressbook which is used by the virus to send copies out to try to infect
other computers.

Sorry, I'm working with viruses a lot (at Veszprog Ltd for example), but
that time was about mainly DOS viruses, so my knowledge on virus reverse
engineering etc is quite outdated, and I haven't taken care about viruses
since I'm using only Linux/UNIX :)


On Thu, Jun 20, 2002 at 10:41:45PM +0200, Clemens Wächter wrote:
> On Thu, 20 Jun 2002 10:09:33 +0800 (CST)
> webmaster <webmaster at dcview.com.tw> wrote:
> 
> > This is a very funny website
> > I wish you would like it.
> 
> Hm polite people say HELO...

:)
 
> Well I've looked into the files you sent us. 
> But I had quite some problems opening the
> INSTALLD.exe file.
> 
> clw at Nebuchadnezzar:~# ./INSTALLD.exe
> bash: ./INSTALLD.exe: Permission denied
> clw at Nebuchadnezzar:~# chmod +x INSTALLD.exe 
> clw at Nebuchadnezzar:~# ./INSTALLD.exe 
> bash: ./INSTALLD.exe: cannot execute binary file
> 
> very strange... Well sorry I could not run your
> program. So I decided to look somewhat deeper into
> it
> 
> clw at Nebuchadnezzar:~# less INSTALLD.exe 
> 
> Then the file revealed its contents...
> 
> MZ<90>^@^C^@^@^@^D^@^@^@<FF><FF>^@^@<B8>^@^@^@^@^@^@^@@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@<D8>^@^@^@^N^_<BA>^N^@<B4> <CD>!<B8>^AL<CD>!This program cannot be run in DOS
>  mode.^M

Yeah, this is EXE format ('MZ', it's less known, but 'ZM' should also work :)

> Well I haven't read such data for a long time now... 
> cannot be run in DOS mode means we have a Windows executable here.
> But why? We are on a linux media player list. So could you please
> send us a Linux port of it?

So we should a virus port to Linux?? :)

> 
> ^@^@^@DATA 
> ^@HELO %s
> ^@^@^@>
> ^@MAIL FROM: <^@^@^@^@RCPT TO:<^@^@^@%d^@^@     
> 
> What is this? Are you trying to send us a mailer program instead of a website? 
> Well I thought for about 1.82 seconds till my memory returned. I have heard
> of such a thing as a E-Mail virus. But if I consider the size of it..
> 114.8 kb octet stream is something very big. Well I know viruses that fit well
> into 800 bytes. Can this really be a virus?


:) You're right, this is the part virus sends out itself, though I've never
checked nowdays' viruses. Well, world is about changing. With growing size
of storage requirements, not only your windows XP require several Gbytes of
disk spaces, but also viruses ... I've had even only 53 byte long virus.
Good old days ...

> Well we have to guess so. Is it Windows XP ready? (it should be so, at least 
> its size makes me think this.) But I have found another thing I did not really
> like:
> 
> ^@^@^@^@Microsoft Visual C++ Runtime Library^@^@^@^@
> 
> Since when are you seriously writing Viruses in C++?

As I've said: world is about changeing ...

> Real viruses are done in assembler even if they contain
> everyting but a kitchen sink. This makes them more efficient
> and most important: small. 

You're right. BUT, who cares a few 100K of virus code, when the "OS" itsef
(windows) requires almost several Gbytes nowdays ?! Nobody ... ;-(

> If you use good old assembler for programming this you can
> fit something like a hard disk formatting routine with 
> graceful error handling and the like into less than 600 bytes
> and you have enough space left for other things. 
> I haven't tried writing a mailer routine yet but since you
> can send mails by just typing the mails source into
> a telnet client I guess you can well do that in 5 kb.
> And most certainly you can do that even a whole lot better.
> 
> 
> So please try again. And this time write it for Linux. Its
> gotten very boring here without viruses. And since my money
> doesnt grow on trees I cant pay a fortune for a OS just to
> execute a simple virus.
> 
> How shocking. Years ago the only thing which made a difference
> between a virus and Windows was that the virus was efficiently written.
> But nowadays even this semms to be not true anymore.
> 
> All this applies to the [MPlayer-dev-eng] Fw:mplayer-dev-eng,introduction on ADSL
> mail from sgoethel, too.
> 
> 
> With kind regards
> Clemens Wächter
> 
> 
> 
> _______________________________________________
> MPlayer-dev-eng mailing list
> MPlayer-dev-eng at mplayerhq.hu
> http://mplayerhq.hu/mailman/listinfo/mplayer-dev-eng

-- 
- Gábor



More information about the MPlayer-dev-eng mailing list