Posts Tagged ‘virus’

Stuxnet lessons – and resources


2010
11.27

Just a quick grouping of Stuxnet resources and analysis after the targeted infections of the frequency converters of the Vaasa, Finland-based Vacon (though Vacon publicly denies this) and the Iranian company Fararo Paya.

The bottom-line takeaway – never use default passwords (a partial attack vector of the PLCs and SCADAs), and keep systems patched (4 zero-day Windows-based attacks). And don’t allow USB devices on a production network (the entry point of the 0.5Mb virus written in C and C++)…

Virus Removal: Quick list of Rootkit Scanners


2010
04.16
With the Alureon rootkit out and about, even the Microsoft patches can now detect whether it’s installed: Microsoft on Alureon rootkit
A range of useful links below:

Step-by-step virus disassembly


2010
03.30

Over at SkullSecurity they’ve done a great job of a step-by-step disassembly of the Energizer Trojan using IDA. Using a sterile/insight environment, they go through the code to give you an insight into the workings of “obfuscation” (or lack thereof), backdoor management (on port 7777) and more.

Good beginner’s intro with pretty pictures :)