Irregular Expressions:

May, 2011


May 29, 2011  1:31 AM

Another great isc blog post



Posted by: Dan O'Connor

http://isc.sans.org/diary.html?storyid=10933

May 29, 2011  1:26 AM

Video break



Posted by: Dan O'Connor
pbs, pbs video, wikileaks

It does not matter what your opinion is, you just need to watch this. http://video.pbs.org/video/1946795242


May 29, 2011  12:47 AM

Zeus code walkthrough – Part 4



Posted by: Dan O'Connor
zeus analysis, zeus botnet, zeus source code, zeus walkthrough

Next we need to build our bot and configure it. This is the zsb.exe file; point it at the config.txt. The IP address of the server will need to be set, and the key configured. For bonus points, you can use the zsb.exe to check if the host you are running it on is infected. But you will...


May 29, 2011  12:15 AM

Zeus code walkthrough – Part 3



Posted by: Dan O'Connor
zeus analysis, zeus botnet, zeus source code, zeus walkthrough

If all has gone well you should be able to get the install screen. Uploaded with



May 28, 2011  12:44 AM

Zeus code walkthrough – Part 2



Posted by: Dan O'Connor
zeus analysis, zeus botnet, zeus source code, zeus walkthrough

If you are following at home you are going to need to install some webby stuff on your "server". I am going to use XAMPP. Also your machines are going to need to be able to talk, so make sure you are all set up. Using VMware I set up a network that only the server and the machine that is...


May 25, 2011  10:25 PM

Zeus code walkthrough – Part 1



Posted by: Dan O'Connor
zeus analysis, zeus botnet, zeus source code, zeus walkthrough

I am going to step through the Zeus bot source code. I will start with the PHP stuff, which should be pretty light. There are about 44 PHP files to go over.

> find . -type f -name...


May 24, 2011  10:02 PM

Zeus packing list



Posted by: Dan O'Connor
zeus bot net, zeus rar

So what was in the Zeus rar? 7z.exe - Looks clean, nothing reported on it. bt.exe - Listed as suspicious but nothing specific by any vendor. upx.exe - Nothing reported. FASM.exe - Listed as suspicious but nothing specific by any vendor. php.exe - Nothing reported. zip.exe -...


May 18, 2011  11:40 PM

More Mac fake AV stuff



Posted by: Dan O'Connor
mac fake av, sophos mac fake av video, sophos videos

http://nakedsecurity.sophos.com/2011/05/18/malware-on-your-mac-dont-expect-applecare-to-help-you-remove-it/


May 18, 2011  11:11 PM

Not to be left out



Posted by: Dan O'Connor
fake av, fake av mac, paypal wikileaks

http://www.macrumors.com/2011/05/02/new-macdefender-malware-threat-for-mac-os-x/ You can now get your very own fake AV for your Mac. So far no one has reported anything deeply malicious, it just...


May 17, 2011  10:53 PM

Surprised?



Posted by: Dan O'Connor
links

It's really nice to have someone that is truly honest. http://www.theregister.co.uk/2011/05/12/fbi_protects_isps/ That quote from the FBI agent will stay with me for a long time. This will be interesting to follow, I really think that information should be like this.  I can see how a...

