Educause Security Discussion mailing list archives
Reverse Engineering a Bot
From: Adam Pridgen <adam.pridgen () THECOVEROFNIGHT COM>
Date: Fri, 22 Jan 2010 14:50:01 -0600
All -

I reverse engineered the Plague Bot from a sample that was acquired from a university setting. This is a (poorly constructed) IRC bot that is based off open source malware, and at the time of analysis, the bot was undetected. Its capabilities include USB and other drive infection using autorun, an MSN Spreading mechanism, FF/IE password stealing, along with some of the other usual goodies.

I have posted the results of the analysis and the process I followed to reverse engineer the binary. The blog post is located here: http://www.praetoriangrp.com/blog/.

Please let me know if you have any questions.

Thanks,
-- Adam