Archive for the ‘Allgemein’ Category

New Sandbox
Monday, December 29th, 2008
In addition to well-known sandboxes like Norman or CWSandbox there is a new one out: Zero Wine, a malware analysis tool written in Python. It produces:
“1. Report: The complete raw report of all the APIs called by the malware. Hard to follow and hard to understand (a 10mb report is not uncommon).
2. Strings: Just the output of the typical unix command “strings”.
3. File headers: All the information gathered from the PE using the library PEFile.
4. Signature: The signature report is an extract of the full raw report with the most interesting calls.”
It is an open SourceForge project, so you might want to look at it. I personally like the output of CWSandbox a lot more.. 🙂

CastleCops gone..
Sunday, December 28th, 2008
CastleCops went offline. This active anti-phishing/anti-spam group will be missed in the fight against spam. Some of the content of their website has been moved to SystemLookup, according to rumors on Bugtraq.

Article about keylogger
Thursday, December 18th, 2008
A new analysis of dropzones, botnets and keyloggers (like “Limbo”) has been published by Thorsten Holz, Markus Engelberth and Felix Freiling. Topic: “Learning More About the Underground Economy: A Case-Study of Keyloggers and Dropzones”

New security scanner
Wednesday, December 17th, 2008
A new version 2.0.0 of the security scanner OpenVAS, a fork of the good old Nessus scanner, has been announced for free download: http://www.openvas.org/ . I’ll give it a try..

honeyd: insecure temporary file usage
Monday, December 15th, 2008
There was a posting on the “Full Disclosure” mailing list showing that Dmitry E. Oboukhov reported insecure temporary file usage within the “test.sh” script, leaving honeyd vulnerable to local attackers (at least on Gentoo Linux):

  -------------------------------------------------------------------
   Package                /  Vulnerable  /                 Unaffected
  -------------------------------------------------------------------
   1  net-analyzer/honeyd      < 1.5c-r1                   >= 1.5c-r1
  -------------------------------------------------------------------
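The bug class behind this advisory, as an added shell illustration that is not honeyd's real test.sh: a script writing to a fixed name under /tmp, the mktemp-based replacement, and a check a reviewer can run on the resulting path. The file name honeyd-test.out and the function names are assumptions made for the example.

```shell
# Added illustration, not honeyd's own test.sh: why a fixed temp-file name
# is unsafe, how mktemp fixes it, and a review check for the resulting path.

# Insecure pattern: a fixed, predictable name in the world-writable /tmp.
# Any local user can create that path in advance (for example as a symlink
# to a file the script's owner can write), and the redirect then follows it.
# Defined here for comparison only; nothing below calls it.
write_tmp_insecure() {
    out="/tmp/honeyd-test.out"    # predictable path, no ownership check
    printf '%s\n' "$1" > "$out" && printf '%s\n' "$out"
}

# Safe pattern: mktemp creates a fresh file atomically (O_CREAT|O_EXCL,
# mode 0600) from a random template, so a pre-planted file or symlink
# can never be reused. Prints the path so the caller can clean it up.
write_tmp_safe() {
    out=$(mktemp "${TMPDIR:-/tmp}/honeyd-test.XXXXXX") || return 1
    printf '%s\n' "$1" > "$out" && printf '%s\n' "$out"
}

# Review check for a temp path: it must be a regular file (not a symlink)
# and must not be writable by group or others. Returns 0 if the path
# passes, 1 otherwise.
tmp_path_is_safe() {
    [ ! -L "$1" ] && [ -f "$1" ] || return 1
    # GNU stat first (Linux), BSD stat as fallback (macOS).
    mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null) || return 1
    case "$mode" in
        *00) return 0 ;;   # e.g. 600 or 700: no group/other permission bits
        *)   return 1 ;;
    esac
}

# Usage: p=$(write_tmp_safe "some data") && tmp_path_is_safe "$p" && rm -f "$p"
```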

Spamtraps – Poisoning tools
Sunday, December 14th, 2008
I found this nice collection of poisoning tools: it creates lots of email addresses to feed spamtraps and to poison spam-sending bots.

Picture of NepenthesFE
Wednesday, December 10th, 2008

NepenthesFE
Wednesday, December 10th, 2008
Are you running a nepenthes honeypot and want to see what is going on? Try this visualizing software from Emre Bastuz and get some nice stats.
http://www.emre.de/wiki/NepenthesFE

Welcome to "spamversand.de"
Wednesday, December 10th, 2008
This blog will show some information about spam: setting up honeypots, information about spamtraps and so on..
Occasionally you will find some information here which you might find useful (or not..:)