lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
From: _ at r4k.net (Stephanie Wehner)
Subject: analysis (more worms wanted :) )

Hi,

First of all, thanks to everyone who provided me with worms as a
response to my last email.

So far I have analyzed the executables (or scripts) of worms, where
my aim was to determine the familiy of an unknown worm. (different 
versions of the same worm form a family) This worked quite well, for
example for Sasser D as input, it was easy to tell that it belongs to
the Sasser family. 

You can view some pictures at http://www.cwi.nl/~wehner/worms, where
you can also find more information about the approach I used.
Note that this is *work in progress*. I'm looking for more worms
to analyze. Unfortunately I don't have any lab setup/multiple machines/ips
to collect them easily. (This is a fun project, my main area of research
lies elsewhere.)

I have also looked at network traffic, which works quite well for general
traffic. I will post more about this on my webpage in the near future. 
However, I am now especially looking for traffic generated by worms. :)

Thanks,
Stephanie

--<> _@....net <>------------------<> FreeBSD <>-------------------
#3 - Anime Law of Sonic Amplification, First Law of Anime Acoustics
In space, loud sounds, like explosions, are even louder because
there is no air to get in the way.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ