My little place on the internet...
This is my blog with personal and technical articles. For me, my blog is primarily a playground to do some things with the server I have running via my DSL connection. And in my humble opinion it looks better every time I tinker with it.


The Evolution Of Malware Continues

Source: Internet.com / Andy Patrizio

Ever long for the good old days when all viruses did was stomp on the FAT table of your hard drive? Recently, McAfee’s Avert Labs encountered a new type of password stealer that uses Voice over Internet Protocol (VoIP) telephony provider Skype’s network to propagate. There is no vulnerability in the Skype service itself; the Trojan just uses the Skype network to move about, according to David Marcus, security research and communications manager at McAfee’s Avert Labs.

The Trojan, called PWS-JO by McAfee, Downloader by Symantec and Win32/Scypex.A by Microsoft, is considered low risk, as there are very few instances of it being found and all of the major antivirus programs will detect it. What it reflects, Marcus said, is that virus distribution has moved beyond just e-mail and Web links to a new network, in this case, VoIP.

Password-stealing Trojan viruses grew by 240 percent this year, making them the largest genre of malware along with botnets, according to an Avert Labs blog posting.

Posted on December 30th, 2006

Personal zoo with unknown and known malware

Browsing through my regular websites I found this list made by Pedro Bueno, a handler at SANS. Seeing this, I thought I would publish a similar list of all my collected malware, so here you go, and try to find the 10 differences :)

All malware listed here has a unique MD5 hash; this is to stop duplicate entries. Most of these files were discovered by my local Nepenthes honeypot, some were sent to the domain via mail and others were collected via other sources.

The total of malware on my zoo on 2006-11-17 is 793
The total of known malware on 2006-11-17 is 657
The total of unknown malware on 2006-11-17 is 136

Format:
Known-DATE (YEAR-MM-DAY) is the file with malware already detected by ClamAV
Unknown-DATE is the file with malware not yet identified by ClamAV
Mallist-DATE is the file with count and malware name.

For AV companies only: the samples are freely available on request. Contact: peter [at] icebear . net

known-2006-11-17.txt
unknown-2006-11-17.txt
mallist-2006-11-17.txt

Posted on November 11th, 2006
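The three lists described in the zoo post above can be produced as follows; this is an added example, not the blog author's own scripts. It de-duplicates samples by MD5 and splits them using ClamAV verdicts parsed from `clamscan --no-summary` style output. The list layouts, function names, sample bytes and signature names are assumptions constructed for illustration.

```python
import hashlib
import re
from collections import Counter

# clamscan prints one line per file: "<path>: <signature> FOUND" or "<path>: OK"
SCAN_LINE = re.compile(r"^(?P<path>.+): (?:(?P<sig>\S+) FOUND|OK)$")

def md5_of(data: bytes) -> str:
    # MD5 is used here only as the zoo's duplicate key, as in the post
    return hashlib.md5(data).hexdigest()

def dedupe(samples):
    """Map MD5 -> first file name seen with that content."""
    unique = {}
    for path, data in samples.items():
        unique.setdefault(md5_of(data), path)
    return unique

def build_lists(samples, scan_output):
    """Return (known, unknown, mallist) for one dated snapshot of the zoo."""
    verdict = {}
    for line in scan_output.splitlines():
        m = SCAN_LINE.match(line.strip())
        if m:
            verdict[m.group("path")] = m.group("sig")  # None when the file is OK
    known, unknown = {}, []
    for digest, path in sorted(dedupe(samples).items()):
        sig = verdict.get(path)  # files with no verdict line count as unknown
        if sig:
            known[digest] = sig
        else:
            unknown.append(digest)
    mallist = Counter(known.values()).most_common()  # (name, count) pairs
    return known, unknown, mallist

# Constructed, inert sample data: file name -> content bytes
SAMPLES = {
    "a.bin": b"inert-sample-1",
    "b.bin": b"inert-sample-2",
    "c.bin": b"inert-sample-1",  # same content as a.bin, so same MD5
    "d.bin": b"inert-sample-3",
    "e.bin": b"inert-sample-4",
}
# Constructed scanner output; the signature names are made up
SCAN_OUTPUT = """a.bin: Example.Trojan.A FOUND
b.bin: Example.Worm.B FOUND
c.bin: Example.Trojan.A FOUND
d.bin: OK
e.bin: Example.Trojan.A FOUND"""

if __name__ == "__main__":
    known, unknown, mallist = build_lists(SAMPLES, SCAN_OUTPUT)
    print(len(known) + len(unknown), "unique;", len(known), "known;", len(unknown), "unknown")
    for name, count in mallist:
        print(count, name)
```

The known and unknown counts always sum to the number of unique MD5 hashes, which is the same relationship the totals in the post show.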

Nepenthes Honeypot

I’ve been running Nepenthes on my system since August 10th and so far I’ve been able to capture 44 infections with various kinds of malware. Of these 44 infections there are 28 unique versions of malware. Unfortunately my Internet access provider is still filtering my traffic from the internet on ports 445 and 139 to my honeypot. If this wasn’t the case, the number of infections made to this machine would possibly be a lot higher than the 44 infections currently in the database. The version of Nepenthes I’m running is the one that comes out of the Subversion repository, because this one has a PostgreSQL connection for storing all the data in my database. Most of the samples I collect this way are submitted to some antivirus vendors and to the database of Offensive Computing.

Posted on October 3rd, 2006