I wasn't aware of Jose Nazario's post concerning this topic while I was conducting this research; I had only been exposed to the Wired Threat Level article prior to researching. So while I present some of the same information as Jose, this duplication of information only came to my attention afterwards. If you've read Jose's post, this post may still be worth the read for several reasons:

- I mirror all the necessary info so the readers can do this themselves.
- I attempt to offer a more detailed description of my methods/logic as a pseudo-tutorial.
- Jose and I differed on some of the tools & techniques used.

Part 1 of this post will cover getting the malware, decoding it and scanning it. If I have time, Part 2 will be some disassembly & debugging (both static and dynamic).

The domains found hosting malware have been notified (Ubuntu, ). The malware has been taken down from these sites in order to prevent further propagation, but is offered below in a password-protected archive for the reader to practice on.

Update: this entry is now also a guest post over at my colleague Brett Hardin's Miscellaneous Security blog.

Update 2: mirrored malware links taken down.