
Feb 26, 2008

Point and Click Trojan

SharK definitely dumbs down Trojan creation; it requires no programming skill at all. It allows for the creation of malware with features such as:

  • encryption
  • polymorphism
  • custom payloads
  • virtual machine detection
  • compression
  • debugger detection
  • password mining
  • remote management
  • software inventory
  • active process and network connection information
  • capture desktop and webcam images
  • record audio
  • log keystrokes
  • analyze network traffic
  • take out the trash (not really)

Impressive set of features and capabilities. I wouldn't be surprised if signature-based detection of sharK-made malware variants is abysmal. At the moment I can't think of legitimate uses for sharK besides remote administration.

It's interesting to note that sharK has detection capabilities for sandboxes and virtual machines. The Trojan can be made to behave differently when detected running inside the following:
  • VMWare
  • Microsoft Virtual PC
  • Innotek VirtualBox
  • Symantec Altiris SVS
  • Sandboxie
  • Norman Sandbox

If you're wondering how the local neighborhood kiddie is churning out custom malware, sharK is the likely tool.

Feb 18, 2008

Top 10 Podcast Episodes

Over the years I have compiled my favorite security podcast episodes. Here is my list of top ten shows. Most of these episodes are interviews. Here they are in no particular order:
  1. The Silver Bullet Security Podcast, Show 013 - An Interview with Ross Anderson
    Gary McGraw interviews Ross Anderson, author of the book Security Engineering. He is one of the researchers in the Security Group at the University of Cambridge Computer Laboratory, which has a blog that I check regularly called Light Blue Touchpaper.

    Gary and Ross talk about the book, the economics of information security, Ben Edelman's paper, disclosure and RFID MITM attacks.

  2. The Silver Bullet Security Podcast, Show 016 - An Interview with Greg Hoglund
    Gary interviews Greg Hoglund, author of Exploiting Software, Rootkits and Exploiting Online Games. In fact, Gary McGraw co-authored the first and third books mentioned.

    They talk about reverse engineering, disclosure, rootkits, EULAs, exploiting software and cheating in online games.

  3. SploitCast Podcast #008
    Guest Victor Oppleman, author of Extreme Exploits, discusses the RADB, ISP attacks, darknets, uRPF, botnets, DDoS, DNS attacks and tools.

    I originally wanted to feature a ThreatCast interview with Barrett Lyon, founder of Prolexic, but I think this interview with Victor covers more ground, not just DDoS attacks.

  4. SploitCast Podcast #016
    The host interviews Dino Dai Zovi, discussing the fascinating topic of virtual machine rootkits, OS X security, wifi attacks, vulnerability development, disclosure and Microsoft security.

  5. StillSecure, After all these years, Podcast #47 - Web application security with RSnake and Jeremiah
    Alan and Mitchell interview Robert "RSnake" Hansen of ha.ckers.org, founder of SecTheory, and Jeremiah Grossman, founder and CTO of WhiteHat Security. Of course they discussed application security, and of course they focused more on web application security.

  6. ThreatCast - Great debate podcast : NAC v SNF
    Alan Shimel, Chris Hoff, Richard Stiennon and Mike Rothman debate NAC, Network Admission Control. Bullshit was thrown, heads were rolling and no conclusions were arrived at.

  7. Security Now 91: Marc Maiffret of eEye Digital Security
    Leo and Steve interview Marc Maiffret. Marc talks about how he got started in security, Windows and Mac OS X security, 0days, vulnerability development, client-side attacks and eEye's products.

  8. McAfee AudioParasitics Episode 17
    Jim and Dave are joined by Dave Aitel of Immunity. Dave Aitel talks about his stint at @stake, Immunity's products, mobile devices, penetration testing, virtualization, vulnerability development and malware.

  9. McAfee AudioParasitics Episode 19
    McAfee AudioParasitics Episode 20
    This two-part show features guests Rafal Wojtczuk and Rahul Kashyap. The hosts and the guests talk about malware on virtual machines and virtualization security in general.

  10. PaulDotCom Security Weekly - Interview with Mike Poor & Ed Skoudis - Part 1
    PaulDotCom Security Weekly - Interview with Mike Poor & Ed Skoudis - Part 2
    Larry and Paul interview Mike Poor and Ed Skoudis. They talk about their first computers, how they got started in security, SANS, the ISC, botnets, malware, Brazilian hacker groups, physical NOP sleds, research and security in general.

Listen to these podcasts while they're still online and most of the topics discussed aren't stale yet.