Open Source and information security mailing list archives
 
Message-ID: <20040603135003.GQ50382@r4k.net>
From: _ at r4k.net (Stephanie Wehner)
Subject: analysis (more worms wanted :) )

Hi,

First of all, thanks to everyone who provided me with worms as a
response to my last email.

So far I have analyzed the executables (or scripts) of worms, where
my aim was to determine the family of an unknown worm. (Different
versions of the same worm form a family.) This worked quite well; for
example for Sasser D as input, it was easy to tell that it belongs to
the Sasser family. 

You can view some pictures at http://www.cwi.nl/~wehner/worms, where
you can also find more information about the approach I used.
Note that this is *work in progress*. I'm looking for more worms
to analyze. Unfortunately I don't have any lab setup/multiple machines/ips
to collect them easily. (This is a fun project, my main area of research
lies elsewhere.)

I have also looked at network traffic, which works quite well for general
traffic. I will post more about this on my webpage in the near future. 
However, I am now especially looking for traffic generated by worms. :)

Thanks,
Stephanie

--<> _@....net <>------------------<> FreeBSD <>-------------------
#3 - Anime Law of Sonic Amplification, First Law of Anime Acoustics
In space, loud sounds, like explosions, are even louder because
there is no air to get in the way.

