Archive for December, 2008

New Sandbox

Monday, December 29th, 2008

In addition to well-known sandboxes like Norman or CWSandbox, there is a new one
out: Zero Wine, a malware analysis tool written in Python that produces: “
1. Report: The complete raw report of all the APIs called by the malware. Hard to follow and hard to understand (a 10 MB report is not uncommon).
2. Strings: Just the output of the typical Unix command “strings”.
3. File headers: All the information gathered from the PE using the library PEFile.
4. Signature: The signature report is an extract of the full raw report with the most interesting calls.”

It is an open SourceForge project, so you might want to look at it. I personally like the output of CWSandbox a lot more. 🙂

CastleCops gone..

Sunday, December 28th, 2008

CastleCops went offline. This active anti-phishing/anti-spam group will be missed in the fight against spam. Some of the content of their website has been moved to SystemLookup, according to rumors on Bugtraq.

Article about keylogger

Thursday, December 18th, 2008

A new analysis of dropzones, botnets and keyloggers (like “limbo”) has been published by Thorsten Holz, Markus Engelberth and Felix Freiling under the title:

Learning More About the Underground Economy:
A Case-Study of Keyloggers and Dropzones

new security scanner

Wednesday, December 17th, 2008

Version 2.0.0 of the security scanner OpenVAS, a fork of the good old Nessus scanner, has been announced for free download: http://www.openvas.org/. I’ll give it a try.

honeyd: insecure temporary file usage

Monday, December 15th, 2008

A posting on the “Full Disclosure” mailing list shows that Dmitry E. Oboukhov reported insecure temporary file usage in the “test.sh” script, leaving honeyd vulnerable to local attackers (at least on Gentoo Linux).

-------------------------------------------------------------------
     Package               /  Vulnerable  /  Unaffected
-------------------------------------------------------------------
  1  net-analyzer/honeyd      < 1.5c-r1      >= 1.5c-r1

Spamtraps – Poisoning tools

Sunday, December 14th, 2008

I found this nice collection of poisoning tools. It creates lots of email addresses to feed spamtraps and to poison spam-sending bots.

Picture of NepenthesFE

Wednesday, December 10th, 2008

NepenthesFE

Wednesday, December 10th, 2008

Are you running a Nepenthes honeypot and want to see what is going on? Try this visualization software from Emre Bastuz and get some nice stats.

http://www.emre.de/wiki/NepenthesFE

Welcome to "spamversand.de"

Wednesday, December 10th, 2008

This Blog will show some information about spam.

Setting up Honeypots, information about spamtraps and so on..

Occasionally you will find some information here which you might find useful (or not.. :)