
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

<HTML><HEAD><TITLE>Re: [Full-Disclosure] And you're proud of this Mike Evanchick?</TITLE>

<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">

<META content="MSHTML 6.00.3790.1289" name=GENERATOR>

<STYLE></STYLE>

</HEAD>

<BODY bgColor=#ffffff>

<DIV><FONT face=Arial size=2>Let me put this lighter,</FONT></DIV>

<DIV><FONT face=Arial size=2></FONT>&nbsp;</DIV>

<DIV><FONT face=Arial size=2>WRONG</FONT></DIV>

<DIV><FONT face=Arial size=2>&nbsp;</FONT></DIV>

<DIV><FONT face=Arial size=2>I created this code first using KNOWN virus 

strings.&nbsp; It would be trivial to use different code that is not 

detected,</FONT></DIV>

<DIV><FONT face=Arial size=2></FONT>&nbsp;</DIV>

<DIV><FONT face=Arial size=2>Mike</FONT></DIV>

<DIV><FONT face=Arial size=2><A 

href="http://www.michaelevanchik.com">www.michaelevanchik.com</A></FONT></DIV>

<DIV>&nbsp;</DIV>

<BLOCKQUOTE dir=ltr 

style="PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">

  <DIV style="FONT: 10pt arial">----- Original Message ----- </DIV>

  <DIV 

  style="BACKGROUND: #e4e4e4; FONT: 10pt arial; font-color: black"><B>From:</B> 

  <A title=michaelr@cisco.com href="mailto:michaelr@cisco.com">Michael 

  Reilly</A> </DIV>

  <DIV style="FONT: 10pt arial"><B>To:</B> <A title=toddtowles@brookshires.com 

  href="mailto:toddtowles@brookshires.com">Todd Towles</A> </DIV>

  <DIV style="FONT: 10pt arial"><B>Cc:</B> <A 

  title=full-disclosure@lists.netsys.com 

  href="mailto:full-disclosure@lists.netsys.com">full-disclosure@lists.netsys.com</A> 

  </DIV>

  <DIV style="FONT: 10pt arial"><B>Sent:</B> Wednesday, December 29, 2004 3:50 

  PM</DIV>

  <DIV style="FONT: 10pt arial"><B>Subject:</B> Re: [Full-Disclosure] And you're 

  proud of this Mike Evanchick?</DIV>

  <DIV><BR></DIV><!-- Converted from text/plain format -->

  <P><TT><FONT size=2>Couldn't help seconding this.&nbsp; I do not understand 

  the purpose of he<BR>original message.&nbsp; I think Norton/Symantec did a 

  good job.<BR><BR>michael<BR>Todd Towles wrote:<BR>&gt; Sounds like you need AV 

  and a bit of network security. If you are scared<BR>&gt; of IRC trojans and 

  detectable viruses..then your time would be better<BR>&gt; spent putting those 

  systems into place. Don't you think?<BR>&gt;<BR>&gt;<BR>&gt; 

  ________________________________<BR>&gt;<BR>&gt; 

  &nbsp;&nbsp;&nbsp;&nbsp;&nbsp; From: <A 

  href="mailto:full-disclosure-bounces@lists.netsys.com">full-disclosure-bounces@lists.netsys.com</A><BR>&gt; 

  [<A 

  href="mailto:full-disclosure-bounces@lists.netsys.com">mailto:full-disclosure-bounces@lists.netsys.com</A>] 

  On Behalf Of Elle<BR>&gt; Chicka<BR>&gt; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Sent: 

  Monday, December 27, 2004 11:16 PM<BR>&gt; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp; To: 

  full-disclosure@lists.netsys.com<BR>&gt; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 

  Subject: [Full-Disclosure] And you're proud of this Mike<BR>&gt; 

  Evanchick?<BR>&gt; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<BR>&gt; 

  &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<BR>&gt; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp; You so 

  proudly posted this:<BR>&gt; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 

  ------------------------<BR>&gt; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<BR>&gt; <A 

  href="http://securityresponse.symantec.com/avcenter/venc/data/trojan.phel.a.ht">http://securityresponse.symantec.com/avcenter/venc/data/trojan.phel.a.ht</A><BR>&gt; 

  ml<BR>&gt; 

  &lt;https://mail.microsoft.com/exchweb/bin/redir.asp?URL=http://securityres<BR>&gt; 

  ponse.symantec.com/avcenter/venc/data/trojan.phel.a.html&gt;<BR>&gt; 

  &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<BR>&gt; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 

  mike<BR>&gt; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<BR>&gt; 

  &nbsp;&nbsp;&nbsp;&nbsp;&nbsp; www.michaelevanchik.com<BR>&gt; 

  &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<BR>&gt; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 

  ------------------------<BR>&gt; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Obviously you 

  are just tickled to see that the kiddies were able<BR>&gt; to so quickly turn 

  your point/click sploit code into a virus to wreak<BR>&gt; havoc on my 

  network.<BR>&gt; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<BR>&gt; 

  &nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Thanks a lot for helping to make all of us a 

  little less secure<BR>&gt; over the holiday's.<BR>&gt; 

  &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<BR>&gt;<BR>&gt; 

  &nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 

  __________________________________________________<BR>&gt; 

  &nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Do You Yahoo!?<BR>&gt; 

  &nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Tired of spam? Yahoo! Mail has the best spam 

  protection around<BR>&gt; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <A 

  href="http://mail.yahoo.com">http://mail.yahoo.com</A><BR>&gt;<BR>&gt;<BR>&gt;<BR>&gt;<BR>&gt; 

  ------------------------------------------------------------------------<BR>&gt;<BR>&gt; 

  _______________________________________________<BR>&gt; Full-Disclosure - We 

  believe in it.<BR>&gt; Charter: <A 

  href="http://lists.netsys.com/full-disclosure-charter.html">http://lists.netsys.com/full-disclosure-charter.html</A><BR><BR>--<BR>---- 

  ---- ----<BR>Michael Reilly&nbsp;&nbsp;&nbsp; 

  michaelr@cisco.com<BR>&nbsp;&nbsp;&nbsp;&nbsp; Cisco Systems,&nbsp; 

  California<BR>_______________________________________________<BR>Full-Disclosure 

  - We believe in it.<BR>Charter: <A 

  href="http://lists.netsys.com/full-disclosure-charter.html">http://lists.netsys.com/full-disclosure-charter.html</A></FONT></TT> 

  </P></BLOCKQUOTE></BODY></HTML>