Section: .. / papers / virus /
| /// File Name: |
200201p.txt |
Description:
|
"Techniques a worm might use to be harder to locate" is a look at how worms may evolve to be harder to locate on a infected computer. It begins very simple to build up to some ideas that are quite complex. Includes example source code written in Perl.
| | Author: | One Semicolon | | Homepage: | http://onesemicolon.cjb.net | | File Size: | 35736 | | Last Modified: | Mar 6 01:55:07 2002 |
| MD5 Checksum: | 8283bc6a78e7a27bb5b76906b3f53bca |
|
| /// File Name: |
alife.ps |
Description:
|
Computer Viruses as Artificial Life: A consideration of computer viruses as artificial life - self-replicating organisms
| | File Size: | 142937 | | Last Modified: | Oct 1 17:22:48 1999 |
| MD5 Checksum: | 1ae4b7f4e2c8c0a58b24fec542d0949b |
|
| /// File Name: |
bofra_overview.txt |
Description:
|
Brief analysis of the Bofra, aka MyDoom.AG/AH, worm that was first discovered circulating in the wild November 8th.
| | Author: | Bryan Burns | | File Size: | 7826 | | Last Modified: | Nov 20 16:56:06 2004 |
| MD5 Checksum: | 1ada5872347d870822aec9f3feb880b6 |
|
| /// File Name: |
EJohansen_VB2005.tgz |
Description:
|
Whitepaper as well as presentation slides entitled 'Anti-Virus in the Wild' that were presented at the Virus Bulletin 2005 conference in Dublin, Ireland.
| | Author: | Eric Johansen | | Homepage: | http://www.malwareblog.com/ | | File Size: | 1556005 | | Last Modified: | Oct 8 14:21:07 2005 |
| MD5 Checksum: | 2eb9fce04803b5a48cb675c3a107e235 |
|
| /// File Name: |
faq.txt |
Description:
|
Frequently Asked Questions on VIRUS-L/compvirus
| | File Size: | 84745 | | Last Modified: | Oct 1 17:22:48 1999 |
| MD5 Checksum: | 7412ddeb7e54a0b7d2ed6a5c271b8a7b |
|
| /// File Name: |
fedeli.txt |
Description:
|
Organizing a Corporate Anti-Virus Effort: A description of how IBM Corp has learned to cope with computer viruses and related threats
| | File Size: | 26215 | | Last Modified: | Oct 1 17:22:48 1999 |
| MD5 Checksum: | bdf9b82624634ee5f92eb097c5b3f1a7 |
|
| /// File Name: |
future.of.viruses.txt |
Description:
|
The future of viruses and operating systems.
| | Author: | Nucleii | | File Size: | 35320 | | Last Modified: | Mar 6 01:19:25 2002 |
| MD5 Checksum: | 3db99393c0c1debcbdee9a0763ed6add |
|
| /// File Name: |
gao-worm.html |
Description:
|
Computer Security: The GAO's report on the Internet Worm of November, 1988, and on the then-current state of Internet vulnerabilities and prosecution of computer virus cases
| | File Size: | 106274 | | Last Modified: | Feb 19 13:42:42 1997 |
| MD5 Checksum: | a7e4b0ee830e56a714c1eb9cc199dcb7 |
|
| /// File Name: |
grams.html |
Description:
|
Full analysis of the Win32.Grams trojan. It differs from previous E-Gold phishing trojans in that it does not steal credentials instead uses the victim's own browser to siphon all the E-Gold directly from their account to another E-Gold account, using OLE automation. This would completely bypass all the new authentication methods financial institutions are using to thwart keystroke loggers/password stealers, because the trojan simply lets the user do the authentication, then takes over from there.
| | Author: | Joe Stewart | | Homepage: | http://www.lurhq.com/grams.html | | File Size: | 9002 | | Last Modified: | Nov 12 19:43:06 2004 |
| MD5 Checksum: | 595a24440e3a2c58515e37bc9c53b38e |
|
| /// File Name: |
intrusion-agent.pdf |
Description:
|
White paper discussing methodologies for accessing internal networks using HTTP tunneling and tricking end users.
| | Author: | Frederic Charpentier | | File Size: | 915795 | | Last Modified: | Aug 25 22:37:28 2003 |
| MD5 Checksum: | ccd40eb358c1a868a3672f6b1af39a1a |
|
| /// File Name: |
iworm1.ps |
Description:
|
The Internet Worm Program: An Analysis: A description of the algorithms used by the Internet Worm program of November 2, 1988
| | File Size: | 282906 | | Last Modified: | Oct 1 17:22:48 1999 |
| MD5 Checksum: | c0d479a69e22b9cccabb87e09c2c27d6 |
|
| /// File Name: |
iworm2.ps |
Description:
|
The Internet Worm Incident A description of the events involved in the Internet Worm of November 2, 1988
| | File Size: | 172872 | | Last Modified: | Oct 1 17:22:48 1999 |
| MD5 Checksum: | 04180e544e3e66c42024ae11bb21a588 |
|
| /// File Name: |
mallogic.ps |
Description:
|
An Overview of Computer Viruses in a Research Environment: An examination of computer viruses as malicious logic in a research and development environment and current techniques in controlling the threats of viruses and other malicious logic programs
| | File Size: | 155594 | | Last Modified: | Oct 1 17:22:48 1999 |
| MD5 Checksum: | 10ec3e77faaea27ad419771194e5e9d7 |
|
| /// File Name: |
malware.pdf |
Description:
|
Whitepaper entitled "Anatomy of a Malware". A tutorial that was created to educate people on how a simple piece of malware works.
| | Author: | Nicolas Falliere | | File Size: | 48483 | | Last Modified: | Jan 13 19:08:06 2007 |
| MD5 Checksum: | 0c505de3a11f6f53a4679b6c0b100a10 |
|
| /// File Name: |
mgtguide.ps |
Description:
|
Computer Viruses and Related Threats: A Management Guide: Guidelines for preventing, deterring, containing, and recovering from attacks of viruses and related threats A report from the US National Institute of Standards and Technology
| | File Size: | 307906 | | Last Modified: | Oct 1 17:22:48 1999 |
| MD5 Checksum: | 47d56f237d81b1397a74121bb2526d2a |
|
| /// File Name: |
mit.ps |
Description:
|
With Microscope and Tweezers: An Analysis of the Internet Virus of November 1988: A detailed description of the events of the Internet Worm of November 2, 1988 from one of the teams of people who combatted it
| | File Size: | 387585 | | Last Modified: | Oct 1 17:22:48 1999 |
| MD5 Checksum: | e75de2dde56e8726345d1ae4e632d55f |
|
| /// File Name: |
mobilethreats.tgz |
Description:
|
Whitepaper entitled "Summary of Mobile Threat For Year 2005" that provides a detailed analysis of mobile malware and a full understanding of how such virii propagate. Also included is CalvinStinger.SIS which is a disinfection tool for the Symbian S60 platform.
| | Author: | Calvin Tang | | Homepage: | http://www.pipx.net/calvinstinger | | File Size: | 536907 | | Last Modified: | Apr 30 00:45:39 2006 |
| MD5 Checksum: | 1abc86f2a88b24e42e700d09e266e680 |
|
| /// File Name: |
selguide.ps |
Description:
|
A Guide to the Selection of Anti-Virus Tools and Techniques: Criteria for judging the functionality, practicality, and convenience of anti-virus tools A report from the US National Institute of Standards and Technology
| | File Size: | 403464 | | Last Modified: | Oct 1 17:22:48 1999 |
| MD5 Checksum: | 7ee7912770d9bc4d48cbeab3d4dc9cb1 |
|
| /// File Name: |
Taking_Back_Netcat.pdf |
Description:
|
While there are some easy ways of changing the antivirus signature of a program (packers, encryptors, etc), they may not always be viable options for those wishing to bypass antivirus applications. This paper will show how to locate the signature used to identify Netcat, and modify it so that the executable no longer matches Symantec's AV signature, without interfering with any of the program's functionality. This is an exercise in identifying and modifying sections of code (aka, signatures) that are used by antivirus programs to identify malicious code; the tools and techniques used here can be applied to any program that is marked as malicious by AV applications.
| | Author: | Craig Heffner | | Homepage: | http://www.craigheffner.com/ | | File Size: | 245909 | | Last Modified: | Sep 7 04:12:17 2006 |
| MD5 Checksum: | 595c987f017f5351e9fbd2d609a5acc0 |
|
| /// File Name: |
tour.ps |
Description:
|
A Tour of the Worm: A tour of the Internet Worm of November 2, 1988
| | File Size: | 165815 | | Last Modified: | Oct 1 17:22:48 1999 |
| MD5 Checksum: | fa95c69cf0915ad9f4a9b961d12d6b9f |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
