Tag Archives: malware

VMware vSphere Java examples

I had to automate some VMware tasks the other day, and with the latest ESXi it seems the best way is the VI Java API. Note: I typically do not code in Java!

Posted in research

Anti-virus labels are not suitable for system evaluation

I won’t name names, but there are plenty of researchers out there who rely on anti-virus labeling in their research. While this can work, without manual validation there is very little chance that AV labels can be used as any sort of ground truth: the same sample routinely gets a different family name from every vendor that detects it.

Here are 5 reports, identified by sample hash:
1. fc39ce1593cfb6ca1eb0c289a2ca561c
2. c4d93b536f35b350a992a402dfd72e12
3. c77ba55255c1db38568ca3a73d4b8a72
4. e57d938e0754e4fbb3b87cf818a0fc69
5. e397696b7835ccdcfad9d768cf1a091c

Quick highlights in classification from each report:
1. Bredolab, Krap, Ursnif, Downloader, Generic, etc…
2. Krap, Kryptic, Generic packed, etc…
3. Bredolab, Oficla, Krap, Zbot, Ldpinch, etc…
4. Bredolab, Harnig, Krap, Ursnif, etc…
5. FakeAV, Bubnix, etc…
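To make the disagreement measurable rather than anecdotal, here is an added example (not the post’s own tooling) that turns each report’s label list into a family vote and only accepts a family when the vote is decisive. The label lists are copied from the five highlight lists above; the page does not say which vendor produced which label, so each label is treated as one vendor’s verdict (constructed input). The set of tokens treated as packer/heuristic names rather than families, the 0.5 agreement threshold, the tie rule, and the extra “consistent” sample used for contrast are all assumptions of this example.

```python
"""Measure how far AV labels agree on a family for each sample.

Added example for this post, not the author's tooling. Label lists are
copied from the five 'quick highlights' above; the page does not say which
vendor gave which label, so every label counts as one vendor's verdict
(constructed input). NON_FAMILY, the 0.5 threshold and CONSISTENT_SAMPLE
are assumptions of this example.
"""
import re
from collections import Counter

# Tokens that denote a packer, heuristic or behaviour rather than a family.
# Assumption: Krap and Kryptic are treated as packer/heuristic names here.
NON_FAMILY = {"generic", "packed", "downloader", "trojan", "krap", "kryptic",
              "win32", "w32", "etc"}

# Labels as listed on the page, keyed by report hash (the trailing "etc..." dropped).
REPORTS = {
    "fc39ce1593cfb6ca1eb0c289a2ca561c": ["Bredolab", "Krap", "Ursnif", "Downloader", "Generic"],
    "c4d93b536f35b350a992a402dfd72e12": ["Krap", "Kryptic", "Generic packed"],
    "c77ba55255c1db38568ca3a73d4b8a72": ["Bredolab", "Oficla", "Krap", "Zbot", "Ldpinch"],
    "e57d938e0754e4fbb3b87cf818a0fc69": ["Bredolab", "Harnig", "Krap", "Ursnif"],
    "e397696b7835ccdcfad9d768cf1a091c": ["FakeAV", "Bubnix"],
}

# Constructed contrast case (not from the page): what a usable sample looks like.
CONSISTENT_SAMPLE = ["Zbot", "Trojan.Zbot", "Generic", "Zbot", "Krap"]


def family_tokens(label):
    """Lowercase a label, split on non-alphanumerics, drop non-family tokens."""
    return [t for t in re.split(r"[^a-z0-9]+", label.lower())
            if t and t not in NON_FAMILY]


def vote(labels):
    """Count family tokens across all labels.

    Returns (top family or None, agreement ratio, Counter). The ratio divides
    by the number of labels, not the number of family tokens, so a sample
    known mostly by heuristic names scores low even if its few family names agree.
    """
    counts = Counter()
    for label in labels:
        for tok in set(family_tokens(label)):   # one vote per label per family
            counts[tok] += 1
    if not counts:
        return None, 0.0, counts
    top, n = counts.most_common(1)[0]
    return top, n / len(labels), counts


def ground_truth(labels, min_agreement=0.5):
    """Return a family name only when the vote is decisive; otherwise None.

    None means 'send it for manual validation': no majority, a tie between
    two families, or nothing but packer/heuristic names.
    """
    top, agreement, counts = vote(labels)
    if top is None or agreement < min_agreement:
        return None
    ranked = counts.most_common(2)
    if len(ranked) > 1 and ranked[1][1] == ranked[0][1]:
        return None   # tie: "Bredolab or Ursnif" is not a label you can train on
    return top


def summarize(reports):
    """Map each hash to (top family, agreement ratio, decided family or None)."""
    out = {}
    for h, labels in reports.items():
        top, agreement, _ = vote(labels)
        out[h] = (top, round(agreement, 2), ground_truth(labels))
    return out


if __name__ == "__main__":
    for h, (top, agreement, decided) in summarize(REPORTS).items():
        print(f"{h}  top={top!s:9} agreement={agreement:.2f} usable={decided}")
    print("constructed consistent sample ->", ground_truth(CONSISTENT_SAMPLE))
```

Run against the five lists above, none of the samples reaches a decisive family: report 2 carries nothing but packer and heuristic names, reports 1, 3 and 4 split their votes across two to four unrelated families, and report 5 is a two-way tie. Only the constructed Zbot sample passes. A real pipeline needs a vendor alias table far larger than NON_FAMILY, but the conclusion does not change: whatever survives the vote still has to be checked by hand before it can serve as ground truth.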

Posted in research

Naming some popular spambots

Part of what I’ve been doing lately is finding, running, and maintaining bots in a controlled environment. The first part, finding, which includes identifying the binaries I’m running, turns out to be difficult to do.

Posted in research