Another great isc blog post
Profile: Dan O'Connor
http://isc.sans.org/diary.html?storyid=10933
0 Comments
RSS Feed
Email a friend
Video break
Profile: Dan O'Connor
It does not matter what your opinion is, you just need to watch this. http://video.pbs.org/video/1946795242
0 Comments
RSS Feed
Email a friend
Zeus code walkthrough – Part 4
Profile: Dan O'Connor
Next we need to build our bot, and configure it. This is the zsb.exe file, point it at the config.txt. The IP address of the server will need to be set, and the key configured. For bonus points, you can use the zsb.exe to check if the host you are running it on is infected. But you will...
0 Comments
RSS Feed
Email a friend
Zeus code walkthrough – Part 3
Profile: Dan O'Connor
If all has gone well you should be able to get the install screen.
Uploaded with
0 Comments
RSS Feed
Email a friend
Zeus code walkthrough – Part 2
Profile: Dan O'Connor
If you are following at home you are going to need to install some webby stuff on your "server". I am going to use XAMPP. Also your machines are going to need to be able to talk, so make sure you are all setup. Using VMWare I setup a network that only the server and the machine that is...
0 Comments
RSS Feed
Email a friend
Zeus code walkthrough – Part 1
Profile: Dan O'Connor
I am going to step through the Zeus bot source code. I will start with the PHP stuff, which should be pretty light. There is about 44 PHP files to go over.
> find . -type f -name...
0 Comments
RSS Feed
Email a friend
Zues packing list
Profile: Dan O'Connor
So what was in the Zues rar? 7z.exe - Looks clean, nothing reported on it. bt.exe - Listed as suspicious but nothing specific by any vendor. upx.exe - Nothing reported. FASM.exe - Listed as suspicious but nothing specific by any vendor. php.exe - Nothing reported. zip.exe -...
0 Comments
RSS Feed
Email a friend
More Mac fake AV stuff
Profile: Dan O'Connor
0 Comments
RSS Feed
Email a friend
Not to be left out
Profile: Dan O'Connor
http://www.macrumors.com/2011/05/02/new-macdefender-malware-threat-for-mac-os-x/ You can now get your very own fake AV for your Mac. So far no one has reported anything deeply malicious, it just...
0 Comments
RSS Feed
Email a friend
Surprised?
Profile: Dan O'Connor
It's really nice to have someone that is truly honest. http://www.theregister.co.uk/2011/05/12/fbi_protects_isps/ That quote from the FBI agent will stay with me for a long time. This will be interesting to follow, I really think that information should be like this. I can see how a...
0 Comments
RSS Feed
Email a friend
