Penetration Testing mailing list archives
Re: Analize Virus
From: lists73 () skilltube com
Date: Fri, 3 Aug 2007 18:00:09 +0200
Hi,

Some people recommended VMware. While it is a great product in general, you might run into problems when using it for malware analysis. Malware these days, at least the sophisticated samples, detects that it is running inside a virtual machine. Your results are therefore not what you might expect. We use Core Restore instead: http://www.coreprotect.com/core_restore.html

It might be cool to see what files are created, changed or deleted, but that does not give you a real clue what the malware does. Take the banking trojans as an example. Most of them trigger only when the victim types in the correct URL of the targeted bank. You need not only file/registry tools; you should combine them with Wireshark for network traffic analysis, Paros to see what is going on on the web application side, OllyDbg to analyze the malware sample more deeply, etc.

Hope that helps,
SkillTube Team

Quoting Rafa Richart <Rafa () ontinet com>:
Hi Pals, we're looking for some tools to analyze malware behavior. We have a lab under construction, but we need some advice on what tools we have to use: tools to see what has been changing in the registry, stat connections, etc. Any help is welcome. Thanks in advance, Rafa

------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
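The reply above points out that file/registry change monitoring only shows what a sample did during the run, and that a sample waiting for a trigger (a specific bank URL, for instance) will show nothing. The following is an added example, not code from the original post or from any of the tools it names: a minimal before/after snapshot diff of a directory tree, the kind of check a lab would run around a sample execution. The directory, file names and the simulated "sample activity" in `demo()` are constructed here so the script runs offline.

```python
"""Snapshot a directory tree before and after a sample run and report
created, changed and deleted files.  Added example for this thread; the
temp directory and the files written in demo() are constructed stand-ins."""
import hashlib
import os
import tempfile
from pathlib import Path


def snapshot(root):
    """Map every file under root (as a relative path) to a SHA-256 of its content."""
    result = {}
    root = Path(root)
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            rel = str(path.relative_to(root))
            digest = hashlib.sha256()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            result[rel] = digest.hexdigest()
    return result


def diff_snapshots(before, after):
    """Return sorted lists of created, changed and deleted relative paths."""
    created = sorted(set(after) - set(before))
    deleted = sorted(set(before) - set(after))
    changed = sorted(p for p in before if p in after and before[p] != after[p])
    return {"created": created, "changed": changed, "deleted": deleted}


def demo():
    """Simulate a run that touches files, then diff the two snapshots."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        # constructed baseline state of the "lab" directory
        (root / "config.ini").write_text("key=1\n")
        (root / "old.log").write_text("stale\n")
        (root / "keep.txt").write_text("unchanged\n")
        before = snapshot(root)

        # constructed stand-in for the sample's activity during the run
        (root / "config.ini").write_text("key=2\n")    # modified
        (root / "old.log").unlink()                     # deleted
        (root / "dropped.dll").write_bytes(b"MZ...")    # created (fake stub)
        after = snapshot(root)

        return diff_snapshots(before, after)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

In a real lab the two `snapshot()` calls would bracket the actual sample execution on the analysis host (or its restored image), and the registry would need the same treatment. Note what this cannot show: a sample that sleeps, checks for a virtual machine, or waits for a specific URL before acting produces an empty diff, which is exactly why the reply recommends pairing this kind of check with network capture and a debugger.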
Current thread:
- Re: Analize Virus 杨峰 (Aug 01)
- Re: Analize Virus Paul Halliday (Aug 03)
- <Possible follow-ups>
- Re: Analize Virus Jason Ross (Aug 01)
- Re: Analize Virus Robert McArdle (Aug 01)
- Re: Analize Virus Colin Copley (Aug 01)
- RE: Analize Virus Matt Steer (Aug 03)
- Re: Analize Virus lists73 (Aug 03)
- Re: Analize Virus Andre' - SemperSecurus (Aug 03)
- Re[2]: Analize Virus Rafa Richart (Aug 03)
- Re: Re: Analize Virus ebk_lists (Aug 03)