http://arnoth.net/earnoth/dokuwiki/ 2010-01-24T16:56:26-06:00 http://arnoth.net/earnoth/dokuwiki/ http://arnoth.net/earnoth/dokuwiki/lib/images/favicon.ico text/html 2010-01-23T14:58:29-06:00 earnoth http://arnoth.net/earnoth/dokuwiki/techdocs:security:malware:9d64e6a0dc6a3353770916d53350c2ac Research Notes for bd618f92139641ac7a2800c9f895a2ce Summary Notes 2010-01-23 Executed on WinXPHomeSP2 running in VMware Server 1.0.0 build 28343. Installed an agent that started massive communications with a multitude of hosts on the Internet, primarily over port 80 but seeming to use encrypted channels. text/html 2010-01-23T14:12:49-06:00 earnoth http://arnoth.net/earnoth/dokuwiki/techdocs:ubuntu:general Ubuntu General Documents This section contains my documentation for generic features that are typically common across different Ubuntu versions. Administration Installing package clusters Using Apt, one can install many different packages for a purpose using the meta-packages. For example, the different developer packages (gcc, make, bison, etc) required for compiling most different open source projects can be installed using build-essential: text/html 2010-01-23T13:51:44-06:00 earnoth http://arnoth.net/earnoth/dokuwiki/techdocs:security:malware Tracking Sites <http://www.nothink.org> malware irc control sites Research Notes e797cdc4dc4badc3c639bfc2f71240b6 53e38a165518036db28523eed3bac45e 289567012392e5739fcd5f73043a005e 3018e3b251119fd3215489f1f233a328 1f443c0271f1d699164521fb8b3dd408 text/html 2010-01-11T19:08:25-06:00 earnoth http://arnoth.net/earnoth/dokuwiki/techdocs:linux:commandline The following is a list of useful commands that I've learned for Linux, but that I use so rarely, I tend to forget until I need them again. Creating a CD ISO To rip an entire normal data-cd (ISO filesystem) from a CD-ROM: dd if=/dev/cdrom of=my_cd_image.iso Making an ISO from a file system To create an iso using files in Linux: text/html 2010-01-10T21:46:51-06:00 earnoth http://arnoth.net/earnoth/dokuwiki/techdocs:security:malware:0fc38cc0e7f8f732a79b976fd79d9a76 Research Notes for 0fc38cc0e7f8f732a79b976fd79d9a76 Summary Notes 2010-01-10 Executed on WinXPHomeSP2 running in VMware Server 1.0.0 build 28343, OS complains that the file “is not a valid Win32 application”. Links virustotal analysis text/html 2010-01-10T21:41:37-06:00 earnoth http://arnoth.net/earnoth/dokuwiki/techdocs:security:malware:1df34209b750a6651f94388897d0f737 Research Notes for 1df34209b750a6651f94388897d0f737 Summary Notes 2010-01-10 Executed on WinXPHomeSP2 running in VMware Server 1.0.0 build 28343. Received a dialog box that exclaimed, “W32.NytemareV2 says 'Your kung-fu is no good!'” Will try on a bare-metal victim device tomorrow. text/html 2010-01-10T21:29:46-06:00 earnoth http://arnoth.net/earnoth/dokuwiki/techdocs:security:malware:f981992c0f944aa29ab9a217b98d7172 Research Notes for f981992c0f944aa29ab9a217b98d7172 Summary Notes 2010-01-10 Executed on WinXPHomeSP2 running in VMware Server 1.0.0 build 28343, OS complains that the file “is not a valid Win32 application”. Executed on Win2KSP0 running in VMware ESX Server 110271, OS complains that the file “is not a valid Win32 application”. text/html 2010-01-10T21:26:28-06:00 earnoth http://arnoth.net/earnoth/dokuwiki/techdocs:security:malware:bd618f92139641ac7a2800c9f895a2ce Research Notes for bd618f92139641ac7a2800c9f895a2ce Summary Notes 2010-01-10 Executed on WinXPHomeSP2 running in VMware Server 1.0.0 build 28343, OS complains that the file “is not a valid Win32 application”. Executed on Win2KSP0 running in VMware ESX Server 110271, OS complains that the file “is not a valid Win32 application”. text/html 2010-01-10T21:10:28-06:00 earnoth http://arnoth.net/earnoth/dokuwiki/techdocs:security:malware:61b0eb271ad8b4417ad3b5e292e4b545 Research Notes for 61b0eb271ad8b4417ad3b5e292e4b545 Summary Notes 2010-01-10 Executed on Win2KSP0 running in VMware ESX Server 110271. Application spawned, but has not yet shown any appreciable network behavior. Continuing to run the test overnight. text/html 2010-01-10T21:07:07-06:00 earnoth http://arnoth.net/earnoth/dokuwiki/techdocs:security:malware:a4c0f6ed2dbb15e8dbfbcf261531a1f6 Research Notes for a4c0f6ed2dbb15e8dbfbcf261531a1f6 Summary Notes 2010-01-09 Executed on WinXPHomeSP2 running in VMware Server 1.0.0 build 28343. No appreciable network behavior. Test terminated. Links text/html 2010-01-10T21:06:50-06:00 earnoth http://arnoth.net/earnoth/dokuwiki/techdocs:security:malware:ef0d2bf1947b1ff2ffdd572e484f531d Research Notes for ef0d2bf1947b1ff2ffdd572e484f531d Summary Notes 2010-01-09 Executed on WinXPHomeSP2 running in VMware Server 1.0.0 build 28343. No appreciable network behavior. Test terminated. Links text/html 2010-01-09T10:32:55-06:00 earnoth http://arnoth.net/earnoth/dokuwiki/techdocs:security:malware:0ada2a2f49fd01b56b7c0ca69de2dbf6 Research Notes for 0ada2a2f49fd01b56b7c0ca69de2dbf6 Summary Notes 2010-01-09 Unable to execute on WinXPHomeSP2 running in VMware Server 1.0.0 build 28343, OS complains that the file “is not a valid Win32 application”. Links virustotal analysis text/html 2010-01-09T10:31:57-06:00 earnoth http://arnoth.net/earnoth/dokuwiki/techdocs:security:malware:90eef215f1ab82cf891731cace23ac9b Research Notes for 90eef215f1ab82cf891731cace23ac9b Summary Notes 2010-01-09 Unable to execute on WinXPHomeSP2 running in VMware Server 1.0.0 build 28343, OS complains that the file “is not a valid Win32 application”. Links virustotal analysis