
Antivirus test


I have some friends that have found some new antivirus programs; Vipre from Sunbelt Software is one, and I would like to test it against other antivirus programs like Norton's, Kaspersky, McAfee and others. I would be willing, when I have completed these tests, to post the results.

The main thing I would like to know is what you feel would be the best way to go about the test. Should I infect the VM first and then install the AV, or install the AV and then install some viruses?

What would you suggest as far as viruses I should use in the test?

Chrome does not use hosts file...


Is there any other file that Google Chrome uses instead of hosts?

Conficker.C domain list for 1st April 2009


http://www.annysoft.com/confi/Domains_Conficker.C.txt

by Taneja Vikas
http://www.annysoft.com

BBC Botnet sample


Hi There,

I would very much like to get a sample of the botnet that was bought by the BBC program "Click":
http://www.governmentsecurity.org/SecurityHackingNews/BBC_Click_s_Pointless_Unethical_Botnet_usage
I was hoping someone could post the sample here. I much appreciate the hard work by everyone here.

Sorry, I could not find the MD5 of this file; otherwise I would have tried to search for it.

Reversing DLL


Hi,

Can anyone point me to DLL reversing and some advanced malware analysis tutorials?
I am new to malware analysis, and the material I have read is not sufficient for analyzing the latest malware and DLLs.

Thanks

Why anti mal* is doing it wrong

I had a presentation the other day at UNM on some of the work that I had done two years ago. It's fascinating that there is such a renewed interest.

A. Kozakiewicz, A. Felkner, P. Kijewski, and T. Kruk published a paper (4/2007) after my DefCon presentation entitled "Application of bioinformatics methods to recognition of network threats." The conclusion of this paper was that the bioinformatics techniques seem to have less resistance to polymorphism; however, I maintain that was because of the simplicity of the scoring function they considered.

One of the starting papers in the field of using nature as a way to figure out how to do things correctly was a 1994 paper "Principles of a Computer Immune System" by A. Somayaji, S. Hofmeyr, and S. Forrest. This spends a lot of time considering the acquired immune system.

So, how does nature do things differently than anti mal*? There's a lot out there on this topic. I'd like to advance two points I've not seen elsewhere:

  • Natural systems don't "root" the individual hosts, but the hosts provide enough information (via MHC II molecules) to give an immutable status of what each host is doing. Anti-mal* is the opposite, wanting hooks into everything and itself being readily disabled.
  • There is no hesitation to kill hosts that are suspected of being infected. Among many destruct mechanisms is the FAS ligand activation pathway. Think of this as a lever on the outside that automatically shreds the cell and makes it easy for the acquired immune system to improve future defense. Note again that the cell is shredded; there is no "root" required for post mortem forensics.

These are just some ideas. I hope to be getting them together in a formal paper sometime soon. I look forward to comments.

Yahoo messenger spam worm ?!


I started receiving spam messages from my Yahoo Messenger contacts. They look like this:

"This is like a dream come true for me and my Jenny. We both are living proof that Acai pills work to lose weight quick, we both lost over 30 pounds and still losing, no diet or excercise they just burn the fat off. Get them now for only five dollars at http://losebest.com"

or

BotNets -Introduction


I have been reading about botnets recently.
What I understand from the basic information available

Looking for Waledec sample


Hi,

Does anybody happen to have a sample of Waledec (bot)?

Thanks

Zerowine: Dumping malware and detection of antivm and antidebug


I released a new version of Zerowine, a QEmu+Wine based malware auto-analysis tool. In this version I added support for dumping the malware from memory while it is running. The dumps can also be downloaded for later analysis with IDA Pro.

The other feature I added is the ability to detect both anti-debugging and anti-vm techniques. The detection of anti-debugging techniques is done by analyzing the APIs called by the malware while the anti-vm detection is done by looking for patterns in both the packed version of the malware (the original one) and the unpacked (memory dump) version of the malware.

You can download the latest version of Zerowine as a prebuilt QEmu virtual machine (you can convert it to a VMware image if you prefer, using the help found in this blog) or in source code form.

Update: I fixed the issue with the corrupted image. I uploaded a new working one and the MD5Sum.

Cheers!
