Found one PackBot.p
md5sum : 4880165cef39e60fa85fe32b801bc33e
I'm currently involved in doing some forensic analysis with Helix, and I was hoping someone in the forum could point me in the direction of a good md5 list for common malware (sdbot/gaobot/mytob variants, general worms, virii, etc.) Any help would be appreciated.
Two Linux malware in zip.
session: infected: Backdoor.Linux.Keitan.c
derfig: infected: Net-Worm.Linux.Mare.e
I'm looking for OSX.Leap.A malware "latestpics.tgz"
Does someone have this one?
Offensive Computing is forming an alliance with Hakin9 magazine. Look for future comments and article reviews, etc.
hakin9 is a magazine about hacking and IT security, covering techniques of breaking into computer systems, defence and protection methods. Our magazine is useful for all those interested in hacking – both professionals (system administrators, security specialists) and hobbyists. The magazine is of Polish origin; it's also translated and published in other countries and language versions.
hakin9 offers an in-depth look at both attack and defense techniques and concentrates on difficult technical issues.
Don't know how many of you follow the Malware Quiz series that comes out of ISC@SANS, but Pedro Bueno has released #6 in the series, and this time it's on the Linux platform.
Check out all the details here: http://handlers.sans.org/pbueno/ma6.html
EDIT BY VALSMITH;
UPDATE: Apparently there has been some new stuff going on related to this post. A "variant" seems to have come out recently. Information can be found on the DailyDave mailing list in a post by Gadi Evron. If someone comes across a copy of this new variant I'd love to see it.
Creates registry keys:
Listens on TCP port 1034
AntiVir Found Worm/Mydoom.M
ArcaVir Found Worm.Mydoom.M
Avast Found Win32:Mydoom-M
AVG Antivirus Found I-Worm/Mydoom.O
BitDefender Found Win32.Mydoom.M@mm
ClamAV Found Worm.Mydoom.M
Dr.Web Found Win32.HLLM.MyDoom.49
F-Prot Antivirus Found W32/Mydoom.O@mm
Fortinet Found W32/Mydoom.N-mm
Kaspersky Anti-Virus Found Email-Worm.Win32.Mydoom.m
PACKER: FSG v2
REF: Submitted by MythX
DATE FOUND: 02/14/06
VECTOR: OC Submission
THREAT: TrojanHaxdoor (as identified by multiple AV Vendors)
CME #: N/A
SIZE (Pack): 12.7 KB
SIZE (Unpack): 97.0 KB
UUEncodes itself to get around some MIME filters.
AntiVir Found Worm/KillAV.GR
ArcaVir Found Worm.Vb.Bi
Avast Found Win32:VB-CD
AVG Antivirus Found Worm/Generic.FX
BitDefender Found Win32.Nyxem.E@mm
ClamAV Found Worm.Nyxem.E
Dr.Web Found Win32.HLLM.Generic.391
F-Prot Antivirus Found W32/Kapser.A@mm
Fortinet Found nothing
Kaspersky Anti-Virus Found Email-Worm.Win32.Nyxem.e
NOD32 Found Win32/VB.NEI
Norman Virus Control Found Small.KI@mm
UNA Found I-Worm.VB
VBA32 Found Email-Worm.Win32.VB.bi