Section: .. / papers / virus /
| /// File Name: |
malware.pdf |
Description:
|
Whitepaper entitled "Anatomy of a Malware". A tutorial that was created to educate people on how a simple piece of malware works.
| | Author: | Nicolas Falliere | | File Size: | 48483 | | Last Modified: | Jan 13 19:08:06 2007 |
| MD5 Checksum: | 0c505de3a11f6f53a4679b6c0b100a10 |
|
| /// File Name: |
vrg01.html |
Description:
|
Interesting write up discussing the infection of Mach-O files including a link to the MachoMan virus.
| | Author: | roy g biv | | Homepage: | http://vx.netlux.org/lib/vrg01.html | | File Size: | 9471 | | Last Modified: | Nov 7 00:54:03 2006 |
| MD5 Checksum: | f24ef57ac688b677b0d4207e5cbb650f |
|
| /// File Name: |
Taking_Back_Netcat.pdf |
Description:
|
While there are some easy ways of changing the antivirus signature of a program (packers, encryptors, etc.), they may not always be viable options for those wishing to bypass antivirus applications. This paper will show how to locate the signature used to identify Netcat, and modify it so that the executable no longer matches Symantec's AV signature, without interfering with any of the program's functionality. This is an exercise in identifying and modifying sections of code (aka signatures) that are used by antivirus programs to identify malicious code; the tools and techniques used here can be applied to any program that is marked as malicious by AV applications.
| | Author: | Craig Heffner | | Homepage: | http://www.craigheffner.com/ | | File Size: | 245909 | | Last Modified: | Sep 7 04:12:17 2006 |
| MD5 Checksum: | 595c987f017f5351e9fbd2d609a5acc0 |
|
| /// File Name: |
mobilethreats.tgz |
Description:
|
Whitepaper entitled "Summary of Mobile Threat For Year 2005" that provides a detailed analysis of mobile malware and a full understanding of how such viruses propagate. Also included is CalvinStinger.SIS, which is a disinfection tool for the Symbian S60 platform.
| | Author: | Calvin Tang | | Homepage: | http://www.pipx.net/calvinstinger | | File Size: | 536907 | | Last Modified: | Apr 30 00:45:39 2006 |
| MD5 Checksum: | 1abc86f2a88b24e42e700d09e266e680 |
|
| /// File Name: |
EJohansen_VB2005.tgz |
Description:
|
Whitepaper as well as presentation slides entitled 'Anti-Virus in the Wild' that were presented at the Virus Bulletin 2005 conference in Dublin, Ireland.
| | Author: | Eric Johansen | | Homepage: | http://www.malwareblog.com/ | | File Size: | 1556005 | | Last Modified: | Oct 8 14:21:07 2005 |
| MD5 Checksum: | 2eb9fce04803b5a48cb675c3a107e235 |
|
| /// File Name: |
bofra_overview.txt |
Description:
|
Brief analysis of the Bofra, aka MyDoom.AG/AH, worm that was first discovered circulating in the wild November 8th.
| | Author: | Bryan Burns | | File Size: | 7826 | | Last Modified: | Nov 20 16:56:06 2004 |
| MD5 Checksum: | 1ada5872347d870822aec9f3feb880b6 |
|
| /// File Name: |
grams.html |
Description:
|
Full analysis of the Win32.Grams trojan. It differs from previous E-Gold phishing trojans in that it does not steal credentials; instead, it uses the victim's own browser to siphon all the E-Gold directly from their account to another E-Gold account, using OLE automation. This would completely bypass all the new authentication methods financial institutions are using to thwart keystroke loggers/password stealers, because the trojan simply lets the user do the authentication, then takes over from there.
| | Author: | Joe Stewart | | Homepage: | http://www.lurhq.com/grams.html | | File Size: | 9002 | | Last Modified: | Nov 12 19:43:06 2004 |
| MD5 Checksum: | 595a24440e3a2c58515e37bc9c53b38e |
|
| /// File Name: |
decompression-bomb-vulnerability.ht..> |
Description:
|
Research on the various reactions of anti-virus software against decompression bombs. Has a thorough comparison chart and is definitely a good read.
| | Author: | Dr. Peter Bieringer | | Homepage: | http://www.aerasec.de | | File Size: | 70493 | | Last Modified: | Feb 3 17:34:00 2004 |
| MD5 Checksum: | 2e46ee8734eb62ab02051b6832e2d55b |
|
| /// File Name: |
intrusion-agent.pdf |
Description:
|
White paper discussing methodologies for accessing internal networks using HTTP tunneling and tricking end users.
| | Author: | Frederic Charpentier | | File Size: | 915795 | | Last Modified: | Aug 25 22:37:28 2003 |
| MD5 Checksum: | ccd40eb358c1a868a3672f6b1af39a1a |
|
| /// File Name: |
virus-writing-HOWTO-2003-01-08.tar...> |
Description:
|
The Linux Virus Writing HOWTO describes how to write parasitic file viruses which infect ELF executables on Linux/i386. Contains a lot of source code. Every mentioned infection method is accompanied by a practical guide to detection.
| | Author: | Alexander Bartolich | | Homepage: | http://www.lwfug.org/~abartoli/virus-writing-HOWTO/_html/ | | Changes: | Added a rewritten segment scanner in C, added support for 64-bit ELF, and a fix for an embarrassing bug in the table of used RPM packages. The document is finished up to "Segment padding infection"; all the following chapters are probably broken. | | File Size: | 142774 | | Last Modified: | Jan 21 02:53:18 2003 |
| MD5 Checksum: | 71a20160c5a66f2cabb26243a5d9bc0b |
|
| /// File Name: |
virus-writing-HOWTO-2002-08-15.tar...> |
Description:
|
The Linux Virus Writing HOWTO describes how to write parasitic file viruses which infect ELF executables on Linux/i386. Contains a lot of source code. Every mentioned infection method is accompanied by a practical guide to detection.
| | Author: | Alexander Bartolich | | Homepage: | http://www.lwfug.org/~abartoli/virus-writing-HOWTO/_html/ | | Changes: | A port to Debian GNU/Linux on SPARC was started. "The magic of the Elf" and "The language of evil" are finished. | | File Size: | 95350 | | Last Modified: | Aug 21 02:33:59 2002 |
| MD5 Checksum: | 05d3c473e0046d473f4ea4763ac6d456 |
|
| /// File Name: |
200201p.txt |
Description:
|
"Techniques a worm might use to be harder to locate" is a look at how worms may evolve to be harder to locate on an infected computer. It begins very simply and builds up to some ideas that are quite complex. Includes example source code written in Perl.
| | Author: | One Semicolon | | Homepage: | http://onesemicolon.cjb.net | | File Size: | 35736 | | Last Modified: | Mar 6 01:55:07 2002 |
| MD5 Checksum: | 8283bc6a78e7a27bb5b76906b3f53bca |
|
| /// File Name: |
future.of.viruses.txt |
Description:
|
The future of viruses and operating systems.
| | Author: | Nucleii | | File Size: | 35320 | | Last Modified: | Mar 6 01:19:25 2002 |
| MD5 Checksum: | 3db99393c0c1debcbdee9a0763ed6add |
|
| /// File Name: |
trojans.txt |
Description:
|
Trojans: what they are, different kinds of trojans (RATs, keyloggers, password trojans, etc.) for Unix and Windows, how to look out for trojans and defeat them, etc. Everything you always wanted to know about trojans but were afraid to ask (in fear of appearing to be lame).
| | Author: | Raven and The Maniac | | File Size: | 14843 | | Last Modified: | Dec 8 17:00:37 1999 |
| MD5 Checksum: | 0f8e710a84fb9589d2a474cae91d55cd |
|
| /// File Name: |
alife.ps |
Description:
|
Computer Viruses as Artificial Life: A consideration of computer viruses as artificial life - self-replicating organisms
| | File Size: | 142937 | | Last Modified: | Oct 1 17:22:48 1999 |
| MD5 Checksum: | 1ae4b7f4e2c8c0a58b24fec542d0949b |
|
| /// File Name: |
faq.txt |
Description:
|
Frequently Asked Questions on VIRUS-L/compvirus
| | File Size: | 84745 | | Last Modified: | Oct 1 17:22:48 1999 |
| MD5 Checksum: | 7412ddeb7e54a0b7d2ed6a5c271b8a7b |
|
| /// File Name: |
fedeli.txt |
Description:
|
Organizing a Corporate Anti-Virus Effort: A description of how IBM Corp has learned to cope with computer viruses and related threats
| | File Size: | 26215 | | Last Modified: | Oct 1 17:22:48 1999 |
| MD5 Checksum: | bdf9b82624634ee5f92eb097c5b3f1a7 |
|
| /// File Name: |
iworm1.ps |
Description:
|
The Internet Worm Program: An Analysis: A description of the algorithms used by the Internet Worm program of November 2, 1988
| | File Size: | 282906 | | Last Modified: | Oct 1 17:22:48 1999 |
| MD5 Checksum: | c0d479a69e22b9cccabb87e09c2c27d6 |
|
| /// File Name: |
iworm2.ps |
Description:
|
The Internet Worm Incident: A description of the events involved in the Internet Worm of November 2, 1988
| | File Size: | 172872 | | Last Modified: | Oct 1 17:22:48 1999 |
| MD5 Checksum: | 04180e544e3e66c42024ae11bb21a588 |
|
| /// File Name: |
mallogic.ps |
Description:
|
An Overview of Computer Viruses in a Research Environment: An examination of computer viruses as malicious logic in a research and development environment and current techniques in controlling the threats of viruses and other malicious logic programs
| | File Size: | 155594 | | Last Modified: | Oct 1 17:22:48 1999 |
| MD5 Checksum: | 10ec3e77faaea27ad419771194e5e9d7 |
|
| /// File Name: |
mgtguide.ps |
Description:
|
Computer Viruses and Related Threats: A Management Guide: Guidelines for preventing, deterring, containing, and recovering from attacks of viruses and related threats. A report from the US National Institute of Standards and Technology
| | File Size: | 307906 | | Last Modified: | Oct 1 17:22:48 1999 |
| MD5 Checksum: | 47d56f237d81b1397a74121bb2526d2a |
|